Vulnerabilities (CVE)

Filtered by CWE-121
Total 2809 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-1187 1 Code-projects 1 Police Fir Record Management System 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-1164 1 Code-projects 1 Police Fir Record Management System 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in code-projects Police FIR Record Management System 1.0. This issue affects some unknown processing of the component Add Record Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-1163 1 Code-projects 1 Vehicle Parking Management System 2026-06-17 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-15608 1 Tp-link 2 Archer Ax53, Archer Ax53 Firmware 2026-06-17 N/A 9.8 CRITICAL
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.
CVE-2025-15555 1 Open5gs 1 Open5gs 2026-06-17 7.5 HIGH 7.3 HIGH
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
CVE-2025-15273 1 Fontforge 1 Fontforge 2026-06-17 N/A 8.8 HIGH
FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PFB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28546.
CVE-2025-15255 1 Tenda 2 W6-s, W6-s Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15253 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-15252 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2025-15232 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-15231 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15216 1 Tenda 2 Ac23, Ac23 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2025-15194 1 Dlink 2 Dir-600, Dir-600 Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15190 1 Dlink 2 Dwr-m920, Dwr-m920 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-15180 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2025-15179 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15178 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2025-15177 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-15164 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2025-15163 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.