Export limit exceeded: 21918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4069 | 1 Code-projects | 1 Product Management System | 2025-05-28 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51138 | 1 Draytek | 46 Vigor1000b, Vigor1000b Firmware, Vigor2133 and 43 more | 2025-05-28 | 9.8 Critical |
| Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. | ||||
| CVE-2024-51139 | 1 Draytek | 46 Vigor1000b, Vigor1000b Firmware, Vigor2133 and 43 more | 2025-05-28 | 9.8 Critical |
| Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. | ||||
| CVE-2022-35087 | 1 Swftools | 1 Swftools | 2025-05-28 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. | ||||
| CVE-2022-32788 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-28 | 9.8 Critical |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution. | ||||
| CVE-2022-2881 | 1 Isc | 1 Bind | 2025-05-28 | 5.5 Medium |
| The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | ||||
| CVE-2020-36602 | 1 Huawei | 16 576up005 Hota-cm-h-shark-bd, 576up005 Hota-cm-h-shark-bd Firmware, 577hota-cm-h-shark-bd and 13 more | 2025-05-28 | 6.1 Medium |
| There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write. | ||||
| CVE-2025-4114 | 1 Netgear | 2 Jwnr2000, Jwnr2000 Firmware | 2025-05-28 | 8.8 High |
| A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4892 | 1 Fabian | 1 Police Station Management System | 2025-05-28 | 5.3 Medium |
| A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4888 | 1 Code-projects | 1 Pharmacy Management System | 2025-05-28 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-40911 | 2025-05-28 | 6.5 Medium | ||
| Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154. | ||||
| CVE-2025-2826 | 2025-05-28 | 2.6 Low | ||
| n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted. | ||||
| CVE-2025-41650 | 2025-05-28 | 7.5 High | ||
| An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. | ||||
| CVE-2024-52274 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | ||||
| CVE-2024-52273 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | ||||
| CVE-2024-52272 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | ||||
| CVE-2024-52275 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. | ||||
| CVE-2025-3160 | 1 Assimp | 1 Assimp | 2025-05-28 | 3.3 Low |
| A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-3713 | 2025-05-28 | 7.5 High | ||
| The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack. | ||||
| CVE-2025-3711 | 2025-05-28 | 9.8 Critical | ||
| The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||||