Total
3902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7490 | 1 Microchip | 1 Advanced Software Framework | 2025-09-29 | 9.8 Critical |
| Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. | ||||
| CVE-2025-36525 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-09-29 | 7.5 High |
| When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-10034 | 2 D-link, Dlink | 3 Dir-825, Dir-825, Dir-825 Firmware | 2025-09-29 | 8.8 High |
| A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-0762 | 3 Intel, Phoenix, Phoenixtech | 582 300, 300t, Atom X7211e and 579 more | 2025-09-29 | 7.5 High |
| Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15. | ||||
| CVE-2024-39750 | 1 Ibm | 1 Analytics Content Hub | 2025-09-29 | 8.8 High |
| IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2025-57632 | 2025-09-26 | 7.5 High | ||
| libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation. | ||||
| CVE-2023-52868 | 1 Linux | 1 Linux Kernel | 2025-09-26 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. | ||||
| CVE-2025-10953 | 1 Utt | 2 1200gw, 1250gw | 2025-09-26 | 8.8 High |
| A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10942 | 1 H3c | 1 Magic | 2025-09-26 | 8.8 High |
| A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20149 | 1 Cisco | 2 Ios, Ios Xe Software | 2025-09-26 | 6.5 Medium |
| A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2025-55611 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2025-09-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. | ||||
| CVE-2025-55606 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. | ||||
| CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | ||||
| CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | ||||
| CVE-2025-55602 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-09-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | ||||
| CVE-2025-55599 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2025-09-26 | 9.8 Critical |
| D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | ||||
| CVE-2025-9007 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 8.8 High |
| A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9006 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 8.8 High |
| A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1277 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2025-09-25 | 7.8 High |
| A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-5038 | 1 Autodesk | 17 3ds Max, Advance Steel, Autocad and 14 more | 2025-09-25 | 7.8 High |
| A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||