Total
14128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29979 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-06-17 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29967 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29966 | 1 Microsoft | 17 Remote Desktop, Windows 10 1507, Windows 10 1607 and 14 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29964 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29963 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29962 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29949 | 2026-06-17 | N/A | N/A | ||
| Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service. | |||||
| CVE-2025-29935 | 2026-06-17 | N/A | N/A | ||
| An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability. | |||||
| CVE-2025-29933 | 1 Amd | 1 Uprof | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | |||||
| CVE-2025-29912 | 1 Nasa | 1 Cryptolib | 2026-06-17 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the `Crypto_TC_ProcessSecurity` function of CryptoLib leads to a heap buffer overflow. The vulnerability is triggered when the `fl` (frame length) field in a Telecommand (TC) packet is set to 0. This underflow causes the frame length to be interpreted as 65535, resulting in out-of-bounds memory access. This critical vulnerability can be exploited to cause a denial of service (DoS) or potentially achieve remote code execution. Users of CryptoLib are advised to apply the recommended patch or avoid processing untrusted TC packets until a fix is available. | |||||
| CVE-2025-29911 | 1 Nasa | 1 Cryptolib | 2026-06-17 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer overflow vulnerability was identified in the `Crypto_AOS_ProcessSecurity` function of CryptoLib versions 1.3.3 and prior. This vulnerability allows an attacker to trigger a Denial of Service (DoS) or potentially execute arbitrary code (RCE) by providing a maliciously crafted AOS frame with an insufficient length. The vulnerability lies in the function `Crypto_AOS_ProcessSecurity`, specifically during the processing of the Frame Error Control Field (FECF). The affected code attempts to read from the `p_ingest` buffer at indices `current_managed_parameters_struct.max_frame_size - 2` and `current_managed_parameters_struct.max_frame_size - 1` without verifying if `len_ingest` is sufficiently large. This leads to a heap buffer overflow when `len_ingest` is smaller than `max_frame_size`. As of time of publication, no known patched versions exist. | |||||
| CVE-2025-29909 | 1 Nasa | 1 Cryptolib | 2026-06-17 | N/A | 9.8 CRITICAL |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc. | |||||
| CVE-2025-29840 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2026-06-17 | N/A | 8.8 HIGH |
| Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29387 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 7.1 HIGH |
| In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2025-29386 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2025-29385 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2025-29384 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2025-29365 | 1 Spimsimulator | 1 Spim | 2026-06-17 | N/A | 9.8 CRITICAL |
| spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL. | |||||
| CVE-2025-29031 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. | |||||
| CVE-2025-29030 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. | |||||
