Total
14075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57776 | 1 Ni | 1 Dasylab | 2026-06-17 | N/A | 7.8 HIGH |
| There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab. | |||||
| CVE-2025-57775 | 1 Ni | 1 Dasylab | 2026-06-17 | N/A | 7.8 HIGH |
| There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab. | |||||
| CVE-2025-57774 | 1 Ni | 1 Dasylab | 2026-06-17 | N/A | 7.8 HIGH |
| There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab. | |||||
| CVE-2025-57709 | 1 Qnap | 1 Qsync Central | 2026-06-17 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-55611 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. | |||||
| CVE-2025-55602 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | |||||
| CVE-2025-55599 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | |||||
| CVE-2025-55118 | 2026-06-17 | N/A | 8.9 HIGH | ||
| Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n" | |||||
| CVE-2025-55095 | 1 Eclipse | 1 Threadx Usbx | 2026-06-17 | N/A | 4.2 MEDIUM |
| The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs. | |||||
| CVE-2025-55036 | 1 F5 | 1 Big-ip Ssl Orchestrator | 2026-06-17 | N/A | 7.5 HIGH |
| When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-54957 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write. | |||||
| CVE-2025-54820 | 1 Fortinet | 1 Fortimanager | 2026-06-17 | N/A | 8.1 HIGH |
| A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. | |||||
| CVE-2025-54627 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 8.8 HIGH |
| Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54616 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.0 MEDIUM |
| Out-of-bounds array access vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54574 | 1 Squid-cache | 1 Squid | 2026-06-17 | N/A | 9.3 CRITICAL |
| Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions. | |||||
| CVE-2025-54517 | 2026-06-17 | N/A | N/A | ||
| Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. | |||||
| CVE-2025-54479 | 1 F5 | 3 Big-ip Next Cloud-native Network Functions, Big-ip Next For Kubernetes, Big-ip Policy Enforcement Manager | 2026-06-17 | N/A | 7.5 HIGH |
| When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-54284 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54283 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54280 | 1 Adobe | 1 Substance 3d Viewer | 2026-06-17 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
