Total
3331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6939 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6940 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-50258 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. | |||||
| CVE-2025-50262 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 7.5 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. | |||||
| CVE-2025-50263 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter. | |||||
| CVE-2025-50641 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
| Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | |||||
| CVE-2025-6953 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-23973 | 1 Silabs | 1 Gecko Os | 2025-07-07 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. | |||||
| CVE-2024-24731 | 1 Silabs | 1 Gecko Os | 2025-07-07 | N/A | 7.5 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. | |||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2025-07-03 | N/A | 7.5 HIGH |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2025-07-03 | N/A | 7.5 HIGH |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-03 | N/A | 9.8 CRITICAL |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | |||||
| CVE-2024-31670 | 1 Rizin | 1 Rizin | 2025-07-02 | N/A | 6.3 MEDIUM |
| rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. | |||||
| CVE-2025-6129 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-07-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-57376 | 1 Dlink | 12 Dsr-1000n, Dsr-1000n Firmware, Dsr-150 and 9 more | 2025-07-01 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution. | |||||
| CVE-2024-29645 | 1 Radare | 1 Radare2 | 2025-07-01 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. | |||||
| CVE-2025-1864 | 1 Radare | 1 Radare2 | 2025-07-01 | N/A | 9.8 CRITICAL |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9. | |||||
| CVE-2024-46657 | 1 Artifex | 1 Mupdf | 2025-07-01 | N/A | 5.5 MEDIUM |
| Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2025-6824 | 1 Totolink | 2 X15, X15 Firmware | 2025-07-01 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-28904 | 2025-06-30 | N/A | 5.2 MEDIUM | ||
| A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process. | |||||