Vulnerabilities (CVE)

Filtered by CWE-121
Total 2849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-52539 2026-06-17 N/A 7.3 HIGH
A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability.
CVE-2025-52292 1 Gpac 1 Gpac 2026-06-17 N/A 7.5 HIGH
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
CVE-2025-52194 1 Libsndfile Project 1 Libsndfile 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.
CVE-2025-52082 1 Netgear 2 Xr300, Xr300 Firmware 2026-06-17 N/A 6.5 MEDIUM
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.
CVE-2025-52081 1 Netgear 2 Xr300, Xr300 Firmware 2026-06-17 N/A 6.5 MEDIUM
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.
CVE-2025-52080 1 Netgear 2 Xr300, Xr300 Firmware 2026-06-17 N/A 6.5 MEDIUM
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.
CVE-2025-51385 1 Dlink 2 Di-8200, Di-8200 Firmware 2026-06-17 N/A 3.5 LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
CVE-2025-51384 1 Dlink 2 Di-8200, Di-8200 Firmware 2026-06-17 N/A 3.5 LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
CVE-2025-51383 1 Dlink 2 Di-8200, Di-8200 Firmware 2026-06-17 N/A 3.5 LOW
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
CVE-2025-50671 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri.
CVE-2025-50664 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
CVE-2025-50663 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
CVE-2025-50662 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
CVE-2025-50661 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log.
CVE-2025-50660 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
CVE-2025-50659 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
CVE-2025-50657 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
CVE-2025-50655 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-06-17 N/A 7.5 HIGH
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
CVE-2025-50528 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.3 HIGH
A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.
CVE-2025-50464 1 Iptime 2 Nas, Nas Firmware 2026-06-17 N/A 6.5 MEDIUM
A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.