Vulnerabilities (CVE)

Filtered by CWE-121
Total 2809 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-2370 1 Totolink 2 Ex1800t, Ex1800t Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2369 1 Totolink 2 Ex1800t, Ex1800t Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2263 1 Santesoft 1 Sante Pacs Server 2026-06-17 N/A 9.8 CRITICAL
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.
CVE-2025-2151 1 Assimp 1 Assimp 2026-06-17 7.5 HIGH 6.3 MEDIUM
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2097 1 Totolink 2 Ex1800t, Ex1800t Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-29988 1 Dell 522 14 Plus 2-in-1 Db04250, 14 Plus 2-in-1 Db04250 Firmware, 14 Plus Db14250 and 519 more 2026-06-17 N/A 6.9 MEDIUM
Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2025-29951 2026-06-17 N/A N/A
A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
CVE-2025-29840 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2026-06-17 N/A 8.8 HIGH
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29387 1 Tenda 2 Ac9, Ac9 Firmware 2026-06-17 N/A 7.1 HIGH
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29364 1 Spimsimulator 1 Spim 2026-06-17 N/A 6.5 MEDIUM
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks.
CVE-2025-29218 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 6.5 MEDIUM
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2025-29215 1 Tenda 2 Ax12, Ax12 Firmware 2026-06-17 N/A 6.5 MEDIUM
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
CVE-2025-29214 1 Tenda 2 Ax12, Ax12 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
CVE-2025-29149 1 Tenda 2 I12, I12 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.
CVE-2025-29135 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
CVE-2025-29121 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow.
CVE-2025-29118 1 Tenda 2 Ac8, Ac8 Firmware 2026-06-17 N/A 6.5 MEDIUM
Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878.
CVE-2025-29101 1 Tenda 2 Ac8, Ac8 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.
CVE-2025-29100 1 Tenda 2 Ac8, Ac8 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
CVE-2025-28344 2026-06-17 N/A 7.5 HIGH
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.