Total
3395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | |||||
| CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | |||||
| CVE-2025-55602 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | |||||
| CVE-2025-55599 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-09-26 | N/A | 7.5 HIGH |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | |||||
| CVE-2025-9007 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9006 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8892 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-09-25 | N/A | 7.8 HIGH |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-10815 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-09-25 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-21476 | 1 Qualcomm | 84 Qca6391, Qca6391 Firmware, Qca6698aq and 81 more | 2025-09-25 | N/A | 7.8 HIGH |
| Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake. | |||||
| CVE-2025-21481 | 1 Qualcomm | 498 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 495 more | 2025-09-25 | N/A | 7.8 HIGH |
| Memory corruption while performing private key encryption in trusted application. | |||||
| CVE-2025-25723 | 1 Gpac | 1 Gpac | 2025-09-25 | N/A | 8.4 HIGH |
| Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code. | |||||
| CVE-2025-10803 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-09-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-48984 | 1 Arm | 1 Mbed Os | 2025-09-24 | N/A | 9.8 CRITICAL |
| An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the second report, etc. In doing this, it tracks the largest report so it can later allocate a buffer that fits every individual report (but only one at a time). It does not, however, validate that these addresses are all contained within the buffer passed to hciEvtProcessLeExtAdvReport. It is then possible, though unlikely, that the buffer designated to hold the reports is allocated in such a way that one of these out-of-bounds length fields is contained within the new buffer. When the (n-1)th report is copied, it overwrites the length field of the nth report. This now corrupted length field is then used for a memcpy into the new buffer, which may lead to a buffer overflow. | |||||
| CVE-2025-9962 | 2025-09-24 | N/A | N/A | ||
| A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2. | |||||
| CVE-2025-9390 | 1 Vim | 1 Vim | 2025-09-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component. | |||||
| CVE-2025-24956 | 1 Siemens | 1 Openv2g | 2025-09-24 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | |||||
| CVE-2024-56590 | 1 Linux | 1 Linux Kernel | 2025-09-23 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet This fixes not checking if skb really contains an ACL header otherwise the code may attempt to access some uninitilized/invalid memory past the valid skb->data. | |||||
| CVE-2024-56805 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 5.4 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | |||||
| CVE-2024-37047 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 6.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||
| CVE-2024-37049 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 6.5 MEDIUM |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||