Total
1728 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7505 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-07-15 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function frmL7ProtForm of the file /goform/L7Prot of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7506 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-07-15 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-4171 | 1 Tenda | 2 W30e, W30e Firmware | 2025-07-15 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-58117 | 1 Huawei | 1 Harmonyos | 2025-07-15 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-5228 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-07-15 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5451 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. | |||||
| CVE-2025-53171 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53172 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53173 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 5.3 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53174 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-6617 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-07-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6616 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-07-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6615 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-07-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-53175 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 4.0 MEDIUM |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-53176 | 1 Huawei | 1 Harmonyos | 2025-07-14 | N/A | 3.3 LOW |
| Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | |||||
| CVE-2025-7194 | 1 Dlink | 2 Di-500wf, Di-500wf Firmware | 2025-07-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7206 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2025-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6334 | 1 Dlink | 2 Dir-867, Dir-867 Firmware | 2025-07-11 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6328 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2025-07-11 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3484 | 1 Meddream | 1 Pacs Server | 2025-07-11 | N/A | 9.8 CRITICAL |
| MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853. | |||||