Vulnerabilities (CVE)

Filtered by CWE-121
Total 2809 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-28343 2026-06-17 N/A 7.5 HIGH
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
CVE-2025-28144 1 Edimax 2 Br-6478ac V3, Br-6478ac V3 Firmware 2026-06-17 N/A 6.5 MEDIUM
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function.
CVE-2025-28136 1 Totolink 2 A800r, A800r Firmware 2026-06-17 N/A 6.5 MEDIUM
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.
CVE-2025-28135 1 Totolink 2 A810r, A810r Firmware 2026-06-17 N/A 7.5 HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28033 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2026-06-17 N/A 7.3 HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.
CVE-2025-28032 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2026-06-17 N/A 7.3 HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.
CVE-2025-28030 1 Totolink 2 A810r, A810r Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.
CVE-2025-28029 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2026-06-17 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi
CVE-2025-28027 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2026-06-17 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28026 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2026-06-17 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-27481 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2026-06-17 N/A 8.8 HIGH
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27168 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2026-06-17 N/A 7.8 HIGH
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27151 1 Redis 1 Redis 2026-06-17 N/A 4.7 MEDIUM
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
CVE-2025-26688 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2026-06-17 N/A 7.8 HIGH
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-26507 1 Hp 403 115p9aw, 115q0aw, 17f27aw and 400 more 2026-06-17 N/A 9.8 CRITICAL
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26506 1 Hp 190 499m6a, 499m6a Firmware, 499m7a and 187 more 2026-06-17 N/A 9.8 CRITICAL
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26386 2026-06-17 N/A N/A
Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.
CVE-2025-26382 2026-06-17 N/A N/A
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
CVE-2025-26336 1 Dell 4 Chassis Management Controller For Poweredge Fx2, Chassis Management Controller For Poweredge Fx2 Firmware, Chassis Management Controller For Poweredge Vrtx and 1 more 2026-06-17 N/A 8.3 HIGH
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
CVE-2025-25896 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2026-06-17 N/A 5.7 MEDIUM
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.