Total: 3035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15008 | 1 Tenda | 1 Wh450 | 2025-12-23 | 7.3 High |
| A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-15010 | 1 Tenda | 1 Wh450 | 2025-12-23 | 9.8 Critical |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11542 | | | 2025-12-23 | N/A |
| Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs. | ||||
| CVE-2025-15006 | 1 Tenda | 1 Wh450 | 2025-12-23 | 9.8 Critical |
| A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-15007 | 1 Tenda | 1 Wh450 | 2025-12-23 | 9.8 Critical |
| A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-15013 | 1 Floooh | 1 Sokol | 2025-12-23 | 5.3 Medium |
| A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue. | ||||
| CVE-2025-11541 | | | 2025-12-23 | N/A |
| Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs. | ||||
| CVE-2025-14665 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-22 | 9.8 Critical |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-66635 | 1 Seiko Epson Corporation | 1 Web Config | 2025-12-22 | N/A |
| Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]. | ||||
| CVE-2025-34450 | | | 2025-12-20 | N/A |
| merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. | ||||
| CVE-2025-34451 | | | 2025-12-20 | 5.0 Medium |
| rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations. | ||||
| CVE-2025-41732 | 1 Wago | 5 0852-1322, 0852-1322 Firmware, 0852-1328 and 2 more | 2025-12-19 | 9.8 Critical |
| An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. | ||||
| CVE-2025-41730 | 1 Wago | 5 0852-1322, 0852-1322 Firmware, 0852-1328 and 2 more | 2025-12-19 | 9.8 Critical |
| An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. | ||||
| CVE-2025-14654 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 8.8 High |
| A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-14655 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 8.8 High |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in stack-based buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2023-53879 | 1 Eyemaxsystems | 1 Nvclient | 2025-12-18 | 5.5 Medium |
| NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition. | ||||
| CVE-2023-53886 | 1 Xlightftpd | 1 Xlight Ftp Server | 2025-12-18 | 7.5 High |
| Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition. | ||||
| CVE-2017-9048 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2025-12-18 | 7.5 High |
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. | ||||
| CVE-2024-30083 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-12-17 | 7.5 High |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
| CVE-2018-1125 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2025-12-17 | 7.5 High |
| procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. | ||||