Total
12733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5302 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918. | |||||
| CVE-2024-5303 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | N/A | 7.8 HIGH |
| Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22919. | |||||
| CVE-2024-5304 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | N/A | 7.8 HIGH |
| Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22920. | |||||
| CVE-2024-58264 | 1 Cosmwasm | 1 Serde-json-wasm | 2025-08-06 | N/A | 3.2 LOW |
| The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data. | |||||
| CVE-2025-41431 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-08-06 | N/A | 7.5 HIGH |
| When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-46715 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | N/A | 7.8 HIGH |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue. | |||||
| CVE-2020-25412 | 1 Gnuplot | 1 Gnuplot | 2025-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. | |||||
| CVE-2025-48499 | 2025-08-04 | N/A | 5.3 MEDIUM | ||
| Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition. | |||||
| CVE-2024-20375 | 1 Cisco | 1 Unified Communications Manager | 2025-08-01 | N/A | 8.6 HIGH |
| A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices. | |||||
| CVE-2025-20182 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-01 | N/A | 8.6 HIGH |
| A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition on the affected device. | |||||
| CVE-2025-0143 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Workplace Desktop | 2025-07-31 | N/A | 4.3 MEDIUM |
| Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access. | |||||
| CVE-2025-4422 | 2025-07-31 | N/A | 8.2 HIGH | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-4421 | 2025-07-31 | N/A | 8.2 HIGH | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-0649 | 1 Google | 1 Tensorflow Serving | 2025-07-31 | N/A | 7.5 HIGH |
| Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash. | |||||
| CVE-2025-8168 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8169 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8184 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2025-07-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-1252 | 1 Rti | 1 Connext Professional | 2025-07-31 | N/A | 7.1 HIGH |
| Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.4d before 5.2.*. | |||||
| CVE-2025-1254 | 1 Rti | 1 Connext Professional | 2025-07-31 | N/A | 7.4 HIGH |
| Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42. | |||||
| CVE-2024-7305 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2025-07-30 | N/A | 7.8 HIGH |
| A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||