Total
2103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15178 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-15177 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15164 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-15163 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15162 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15161 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-15160 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15190 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-15047 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-15046 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15045 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15044 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. | |||||
| CVE-2025-14964 | 1 Totolink | 2 T10, T10 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote. | |||||
| CVE-2025-14879 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-24 | 10.0 HIGH | 9.8 CRITICAL |
| A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-14878 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-24 | 10.0 HIGH | 9.8 CRITICAL |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-64469 | 1 Ni | 1 Labview | 2025-12-24 | N/A | 7.8 HIGH |
| There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions. | |||||
| CVE-2025-27151 | 1 Redis | 1 Redis | 2025-12-23 | N/A | 4.7 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | |||||
| CVE-2025-15013 | 2025-12-23 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-34457 | 2025-12-23 | N/A | N/A | ||
| wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition. | |||||
| CVE-2025-14665 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||