Total
12882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51968 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. | ||||
| CVE-2023-51960 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-16 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | ||||
| CVE-2023-51889 | 1 Ctan | 1 Mathtex | 2025-06-16 | 9.8 Critical |
| Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | ||||
| CVE-2024-0992 | 1 Tenda | 2 I6, I6 Firmware | 2025-06-16 | 7.2 High |
| A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-33032 | 1 Qualcomm | 234 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 231 more | 2025-06-16 | 9.3 Critical |
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | ||||
| CVE-2023-52307 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-06-16 | 8.2 High |
| Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||||
| CVE-2025-0690 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-06-16 | 6.1 Medium |
| The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. | ||||
| CVE-2025-1268 | 2025-06-16 | 9.4 Critical | ||
| Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / PDF Driver | ||||
| CVE-2024-0533 | 1 Tenda | 2 A15, A15 Firmware | 2025-06-13 | 7.2 High |
| A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-13 | 9.3 Critical |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
| CVE-2025-23099 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-13 | 9.1 Critical |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | ||||
| CVE-2023-6779 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2025-06-13 | 8.2 High |
| An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. | ||||
| CVE-2024-34199 | 1 Ritlabs | 1 Tinyweb | 2025-06-13 | 8.6 High |
| TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. | ||||
| CVE-2024-48241 | 1 Radare | 1 Radare2 | 2025-06-13 | 5.5 Medium |
| An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. | ||||
| CVE-2021-20587 | 1 Mitsubishielectric | 41 C Controller Module Setting And Monitoring Tool, Cpu Module Logging Configuration Tool, Cw Configurator and 38 more | 2025-06-13 | 7.5 High |
| Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) versions 1.003D and prior, iQ Monozukuri Process Remote Monitoring (Data Transfer) versions 1.002C and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior, and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition on the software products, and possibly to execute a malicious code on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. | ||||
| CVE-2025-47814 | 1 Gnu | 1 Pspp | 2025-06-12 | 4.5 Medium |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. | ||||
| CVE-2025-47815 | 1 Gnu | 1 Pspp | 2025-06-12 | 4.5 Medium |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. | ||||
| CVE-2024-25446 | 1 Hugin Project | 1 Hugin | 2025-06-12 | 7.8 High |
| An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | ||||
| CVE-2024-25442 | 1 Hugin Project | 1 Hugin | 2025-06-12 | 7.8 High |
| An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | ||||
| CVE-2023-20213 | 1 Cisco | 1 Identity Services Engine | 2025-06-12 | 4.3 Medium |
| A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode. | ||||