Vulnerabilities (CVE)

Filtered by CWE-787
Total 14076 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-47126 2 Adobe, Microsoft 2 Framemaker, Windows 2026-06-17 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47124 2 Adobe, Microsoft 2 Framemaker, Windows 2026-06-17 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47108 1 Adobe 1 Substance 3d Painter 2026-06-17 N/A 7.8 HIGH
Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-46715 1 Sandboxie-plus 1 Sandboxie 2026-06-17 N/A 7.8 HIGH
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE registry entry selected to this address. An attacker can pass in a kernel pointer and the driver dumps the registry key contents we requested to it. This can be triggered by anyone on the system, including low integrity windows processes. Version 1.15.12 fixes the issue.
CVE-2025-46643 1 Dell 1 Data Domain Operating System 2026-06-17 N/A 2.3 LOW
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2025-46585 1 Huawei 1 Harmonyos 2026-06-17 N/A 7.5 HIGH
Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46152 1 Linuxfoundation 1 Pytorch 2026-06-17 N/A 5.3 MEDIUM
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVE-2025-45845 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
CVE-2025-45844 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
CVE-2025-45843 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
CVE-2025-45842 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
CVE-2025-45841 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2025-45797 1 Totolink 2 A950rg, A950rg Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
CVE-2025-45790 1 Totolink 2 A3100r, A3100r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
CVE-2025-45789 1 Totolink 2 A3100r, A3100r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
CVE-2025-45788 1 Totolink 2 A3100r, A3100r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
CVE-2025-45787 1 Totolink 2 A3100r, A3100r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
CVE-2025-44014 1 Qnap 1 Qsync Central 2026-06-17 N/A 8.8 HIGH
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
CVE-2025-43594 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-43593 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.