Total
13221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4029 | 1 Fabian | 1 Personal Diary Management System | 2025-05-10 | 5.3 Medium |
| A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4038 | 1 Fabian | 1 Train Ticket Reservation System | 2025-05-10 | 5.3 Medium |
| A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2015-0240 | 4 Canonical, Novell, Redhat and 1 more | 9 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 6 more | 2025-05-09 | N/A |
| The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. | ||||
| CVE-2025-4061 | 1 Fabian | 1 Clothing Store Management System | 2025-05-09 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4062 | 1 Fabian | 1 Theater Seat Booking System | 2025-05-09 | 5.3 Medium |
| A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4090 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-4091 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-05-09 | 6.5 Medium |
| Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. | ||||
| CVE-2025-4092 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-4093 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-05-09 | 6.5 Medium |
| Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10. | ||||
| CVE-2024-45570 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-05-09 | 6.6 Medium |
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. | ||||
| CVE-2024-24921 | 1 Siemens | 1 Simcenter Femap | 2025-05-08 | 7.8 High |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | ||||
| CVE-2024-0771 | 1 Nsasoft | 1 Product Key Explorer | 2025-05-08 | 5.3 Medium |
| A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-46757 | 1 Amd | 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more | 2025-05-07 | 7.8 High |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | ||||
| CVE-2023-45230 | 2 Redhat, Tianocore | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-05-07 | 8.3 High |
| EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | ||||
| CVE-2022-27625 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-07 | 10 Critical |
| A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2024-26889 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2025-05-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. | ||||
| CVE-2025-3988 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-07 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-25029 | 1 Ibm | 1 Personal Communications | 2025-05-07 | 9 Critical |
| IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. | ||||
| CVE-2025-3148 | 1 Code-projects | 1 Product Management System | 2025-05-07 | 3.3 Low |
| A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-27624 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-07 | 10 Critical |
| A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||