Vulnerabilities (CVE)

Filtered by CWE-121
Total 2805 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-12213 1 Tenda 2 O3, O3 Firmware1.0.0.10\(2478\) 2026-06-17 9.0 HIGH 8.8 HIGH
A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument lan leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-12212 1 Tenda 2 O3, O3 Firmware1.0.0.10\(2478\) 2026-06-17 9.0 HIGH 8.8 HIGH
A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-12211 1 Tenda 2 O3, O3 Firmware1.0.0.10\(2478\) 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2025-12210 1 Tenda 2 O3, O3 Firmware1.0.0.10\(2478\) 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2025-12209 1 Tenda 2 O3, O3 Firmware1.0.0.10\(2478\) 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2025-12143 2026-06-17 N/A 6.1 MEDIUM
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.
CVE-2025-11918 1 Rockwellautomation 1 Arena 2026-06-17 N/A 7.3 HIGH
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
CVE-2025-11786 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.
CVE-2025-11785 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
CVE-2025-11784 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
CVE-2025-11783 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.
CVE-2025-11782 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.
CVE-2025-11779 1 Circutor 4 Sge-plc1000, Sge-plc1000 Firmware, Sge-plc50 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
CVE-2025-11678 2026-06-17 N/A N/A
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum.
CVE-2025-11586 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-11549 1 Tenda 2 W12, W12 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11542 1 Sharp 52 Np-cr5450h, Np-cr5450h Firmware, Np-cr5450hl and 49 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
CVE-2025-11541 1 Sharp 52 Np-cr5450h, Np-cr5450h Firmware, Np-cr5450hl and 49 more 2026-06-17 N/A 9.8 CRITICAL
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
CVE-2025-11528 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVE-2025-11527 1 Tenda 2 Ac7, Ac7 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.