Export limit exceeded: 19584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40900 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | ||||
| CVE-2023-40899 | 1 Tenda | 3 Ac8, Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. | ||||
| CVE-2023-40898 | 1 Tenda | 3 Ac8, Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. | ||||
| CVE-2023-40897 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. | ||||
| CVE-2023-40896 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. | ||||
| CVE-2023-40895 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | ||||
| CVE-2023-40893 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | ||||
| CVE-2023-40892 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi. | ||||
| CVE-2023-40891 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | 9.8 Critical |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. | ||||
| CVE-2024-45539 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-12-05 | 7.5 High |
| Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | ||||
| CVE-2024-27124 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-12-05 | 7.5 High |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2017-1000235 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.8 Critical |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | ||||
| CVE-2025-58477 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.3 Medium |
| Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2025-58478 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.3 Medium |
| Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2025-58480 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.3 Medium |
| Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2024-27920 | 1 Projectdiscovery | 1 Nuclei | 2025-12-05 | 7.4 High |
| projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This advisory outlines the impacted users, provides details on the security patch, and suggests mitigation strategies. The vulnerability is addressed in Nuclei v3.2.0. Users are strongly recommended to update to this version to mitigate the security risk. Users should refrain from using custom workflows if unable to upgrade immediately. Only trusted, verified workflows should be executed. | ||||
| CVE-2021-39261 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2025-12-05 | 6.7 Medium |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. | ||||
| CVE-2025-64333 | 1 Oisf | 1 Suricata | 2025-12-05 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves limiting stream.reassembly.depth to less then half the stack size. Increasing the process stack size makes it less likely the bug will trigger. | ||||
| CVE-2025-64332 | 1 Oisf | 1 Suricata | 2025-12-05 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling SWF decompression (swf-decompression in suricata.yaml), it is disabled by default; set decompress-depth to lower than half your stack size if swf-decompression must be enabled. | ||||
| CVE-2025-65202 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2025-12-05 | 8 High |
| TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges. | ||||