Total
12403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5847 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5853 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5855 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5863 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-49350 | 1 Ibm | 1 Db2 | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-21175 | 1 Oracle | 1 Weblogic Server | 2025-06-09 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2024-53901 | 1 Tonycoz | 1 Imager | 2025-06-09 | N/A | 5.5 MEDIUM |
| The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image. | |||||
| CVE-2024-24188 | 1 Jsish | 1 Jsish | 2025-06-09 | N/A | 9.8 CRITICAL |
| Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | |||||
| CVE-2019-12900 | 6 Bzip, Canonical, Debian and 3 more | 6 Bzip2, Ubuntu Linux, Debian Linux and 3 more | 2025-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | |||||
| CVE-2022-29072 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2025-06-09 | 7.2 HIGH | 7.8 HIGH |
| 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur | |||||
| CVE-2025-5527 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5619 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23103 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-06 | N/A | 8.6 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-23107 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-06 | N/A | 8.6 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-5572 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-23097 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-06-06 | N/A | 9.1 CRITICAL |
| An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2023-51955 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-06 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | |||||
| CVE-2025-5502 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5624 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-5622 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||