Total
4012 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3177 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Active Iq Unified Manager and 9 more | 2025-12-18 | 9.8 Critical |
| Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | ||||
| CVE-2025-50401 | 1 Mercusys | 2 Mercury D196g, Mercury D196g Firmware | 2025-12-18 | 9.8 Critical |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. | ||||
| CVE-2025-65834 | 1 Meltytech | 1 Shotcut | 2025-12-18 | 9.8 Critical |
| Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image processing, triggering a buffer overflow in the mlt_image_fill_white function. | ||||
| CVE-2025-50398 | 1 Mercusys | 2 Mercury D196g, Mercury D196g Firmware | 2025-12-18 | 9.8 Critical |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password. | ||||
| CVE-2025-47372 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 9 Critical |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | ||||
| CVE-2025-47321 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory corruption while copying packets received from unix clients. | ||||
| CVE-2025-66647 | 1 Riot-os | 1 Riot | 2025-12-18 | N/A |
| RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first fragment (offset=0) into the reassembly buffer, no size check is performed. It is possible to force the creation of a small reassembly buffer by first sending a shorter fragment (also with offset=0). Overflowing the reassembly buffer corrupts the state of other packet buffers which an attacker might be able to used to achieve further memory corruption (potentially resulting in remote code execution). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be included and the attacker must be able to send arbitrary IPv6 packets to the victim. Version 2025.10 fixes the issue. | ||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10v4, Ac10v4 Firmware | 2025-12-18 | 9.8 Critical |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-66287 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-12-18 | 8.8 High |
| A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | ||||
| CVE-2021-47347 | 1 Linux | 1 Linux Kernel | 2025-12-18 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size. | ||||
| CVE-2025-43532 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 2.8 Low |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination. | ||||
| CVE-2025-43431 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-17 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-43429 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-17 | 4.3 Medium |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-59947 | 1 Emqx | 1 Nanomq | 2025-12-16 | N/A |
| NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription. | ||||
| CVE-2023-43525 | 1 Qualcomm | 80 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 77 more | 2025-12-16 | 6.7 Medium |
| Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | ||||
| CVE-2023-33055 | 1 Qualcomm | 304 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 301 more | 2025-12-16 | 7.8 High |
| Memory Corruption in Audio while invoking callback function in driver from ADSP. | ||||
| CVE-2023-33031 | 1 Qualcomm | 330 Apq5053-aa, Apq5053-aa Firmware, Apq8009 and 327 more | 2025-12-16 | 7.8 High |
| Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | ||||
| CVE-2024-22039 | 1 Siemens | 14 Cerberus Pro En Engineering Tool, Cerberus Pro En Fire Panel Fc72x, Cerberus Pro En X200 Cloud Distribution and 11 more | 2025-12-16 | 10 Critical |
| A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges. | ||||
| CVE-2025-1253 | 1 Rti | 1 Connext Professional | 2025-12-16 | 7.8 High |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3.*, from 4.5c before 5.2.*. | ||||
| CVE-2024-29195 | 1 Microsoft | 1 Azure C Shared Utility | 2025-12-15 | 6 Medium |
| The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | ||||