Total
13174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20357 | 1 Cisco | 36 Ip Phone 6821, Ip Phone 6821 With Multiplatform Firmware, Ip Phone 6841 and 33 more | 2026-01-05 | N/A | 5.9 MEDIUM |
| A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device. | |||||
| CVE-2020-36885 | 1 Sony | 2 Snc-dh120t, Snc-dh120t Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service. | |||||
| CVE-2025-66590 | 1 Azeotech | 1 Daqfactory | 2026-01-02 | N/A | 9.8 CRITICAL |
| In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash. | |||||
| CVE-2025-11964 | 2025-12-31 | N/A | 1.9 LOW | ||
| On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer. | |||||
| CVE-2025-15150 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-12-31 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-34451 | 1 Proxychains-ng Project | 1 Proxychains-ng | 2025-12-31 | N/A | 7.8 HIGH |
| rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations. | |||||
| CVE-2025-34450 | 1 Rtl 433 Project | 1 Rtl 433 | 2025-12-31 | N/A | 7.8 HIGH |
| merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. | |||||
| CVE-2022-49950 | 1 Linux | 1 Linux Kernel | 2025-12-31 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab-allocated session array could be corrupted in fastrpc_session_alloc() on open(). | |||||
| CVE-2024-23127 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-12-31 | N/A | 7.8 HIGH |
| A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23126 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-12-31 | N/A | 7.8 HIGH |
| A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23125 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-12-31 | N/A | 7.8 HIGH |
| A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-11422 | 1 Autodesk | 1 Navisworks | 2025-12-31 | N/A | 7.8 HIGH |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-23138 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2025-12-31 | N/A | 7.8 HIGH |
| A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-62862 | 1 Amperecomputing | 26 Ampereone A128-34x, Ampereone A128-34x Firmware, Ampereone A144-24x and 23 more | 2025-12-31 | N/A | 4.6 MEDIUM |
| Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager. | |||||
| CVE-2025-14958 | 1 Floooh | 1 Sokol | 2025-12-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue. | |||||
| CVE-2025-43402 | 1 Apple | 1 Macos | 2025-12-30 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory. | |||||
| CVE-2018-25154 | 2025-12-29 | N/A | 9.8 CRITICAL | ||
| GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system. | |||||
| CVE-2025-64461 | 1 Ni | 1 Labview | 2025-12-24 | N/A | 7.8 HIGH |
| There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions. | |||||
| CVE-2025-47350 | 1 Qualcomm | 36 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 33 more | 2025-12-23 | N/A | 7.8 HIGH |
| Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. | |||||
| CVE-2025-47372 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8620p and 43 more | 2025-12-23 | N/A | 9.0 CRITICAL |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | |||||