Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6258 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.8 MEDIUM |
| BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
| CVE-2023-40222 | 1 Ashlar | 1 Cobalt | 2025-09-16 | N/A | 7.8 HIGH |
| In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2024-48075 | 2025-09-15 | N/A | 5.3 MEDIUM | ||
| A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message. | |||||
| CVE-2024-33428 | 1 Stsaz | 1 Phiola | 2025-09-15 | N/A | 8.8 HIGH |
| Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | |||||
| CVE-2025-8843 | 1 Nasm | 1 Netwide Assembler | 2025-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-54244 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54910 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-12 | N/A | 8.4 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54907 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-12 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54900 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-12 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-9019 | 1 Broadcom | 1 Tcpreplay | 2025-09-11 | 2.6 LOW | 3.1 LOW |
| A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | |||||
| CVE-2025-57807 | 1 Imagemagick | 1 Imagemagick | 2025-09-10 | N/A | 3.8 LOW |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | |||||
| CVE-2025-8302 | 1 Realtek | 2 Rtl8811au, Wi-fi Usb Driver | 2025-09-10 | N/A | 8.8 HIGH |
| Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26553. | |||||
| CVE-2025-8300 | 1 Realtek | 2 Rtl8811au, Wi-fi Usb Driver | 2025-09-10 | N/A | 8.8 HIGH |
| Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26552. | |||||
| CVE-2025-8301 | 1 Realtek | 2 Rtl8811au, Wi-fi Usb Driver | 2025-09-10 | N/A | 7.8 HIGH |
| Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24786. | |||||
| CVE-2025-8299 | 1 Realtek | 2 Rtl8811au, Wi-fi Usb Driver | 2025-09-10 | N/A | 8.8 HIGH |
| Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MgntActSet_TEREDO_SET_RS_PACKET function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25857. | |||||
| CVE-2025-5830 | 1 Autel | 18 Maxicharger Ac Elite Business C50, Maxicharger Ac Elite Business C50 Firmware, Maxicharger Ac Pro and 15 more | 2025-09-10 | N/A | 8.8 HIGH |
| Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DLB_SlaveRegister messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26327. | |||||
| CVE-2025-9951 | 2025-09-09 | N/A | N/A | ||
| A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. | |||||
| CVE-2025-58050 | 1 Pcre | 1 Pcre2 | 2025-09-09 | N/A | 9.1 CRITICAL |
| The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46. | |||||
| CVE-2025-34522 | 1 Arcserve | 1 Udp | 2025-09-09 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. Exploitation occurs in the context of the affected process and does not require user interaction. The vulnerability poses a high risk due to its pre-authentication nature and potential for full compromise. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | |||||
| CVE-2025-34523 | 1 Arcserve | 1 Udp | 2025-09-09 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | |||||