Total
1296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11608 | 1 Autodesk | 1 Revit | 2025-09-26 | N/A | 7.8 HIGH |
| A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-8879 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-26 | N/A | 8.8 HIGH |
| Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | |||||
| CVE-2025-47981 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-26 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-11014 | 2025-09-26 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-11010 | 2025-09-26 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3549 | 1 Assimp | 1 Assimp | 2025-09-26 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-27243 | 1 Zoom | 4 Meeting Software Development Kit, Virtual Desktop Infrastructure, Workplace and 1 more | 2025-09-26 | N/A | 6.5 MEDIUM |
| Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2014-0789 | 1 Schneider-electric | 5 Opc Factory Server Tlxcdlfofs, Opc Factory Server Tlxcdltofs, Opc Factory Server Tlxcdluofs and 2 more | 2025-09-25 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions. | |||||
| CVE-2014-0781 | 1 Yokogawa | 1 Centum Cs 3000 | 2025-09-25 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. | |||||
| CVE-2025-57638 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-09-25 | N/A | 7.5 HIGH |
| Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value. | |||||
| CVE-2025-57637 | 1 Dlink | 2 Di-7100g, Di-7100g Firmware | 2025-09-25 | N/A | 7.5 HIGH |
| Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2025-10502 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-09-25 | N/A | 8.8 HIGH |
| Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | |||||
| CVE-2023-34488 | 1 Emqx | 1 Nanomq | 2025-09-24 | N/A | 7.8 HIGH |
| NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. | |||||
| CVE-2025-56394 | 2025-09-24 | N/A | 7.5 HIGH | ||
| Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow. | |||||
| CVE-2025-51005 | 2025-09-24 | N/A | 7.5 HIGH | ||
| A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service. | |||||
| CVE-2025-23308 | 2025-09-24 | N/A | 3.3 LOW | ||
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. | |||||
| CVE-2025-5462 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-23 | N/A | 7.5 HIGH |
| A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. | |||||
| CVE-2024-56805 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 5.4 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | |||||
| CVE-2024-37041 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | |||||
| CVE-2025-7983 | 1 Ashlar | 1 Graphite | 2025-09-22 | N/A | 7.8 HIGH |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25477. | |||||