Total
3451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5905 | 1 Totolink | 2 T10, T10 Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6090 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation. | |||||
| CVE-2025-6098 | 2025-06-16 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6091 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation. | |||||
| CVE-2025-5222 | 2025-06-15 | N/A | 7.0 HIGH | ||
| A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | |||||
| CVE-2023-50991 | 1 Tenda | 2 I29, I29 Firmware | 2025-06-13 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | |||||
| CVE-2024-53425 | 1 Assimp | 1 Assimp | 2025-06-13 | N/A | 6.2 MEDIUM |
| A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. | |||||
| CVE-2025-45779 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. | |||||
| CVE-2025-44175 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | N/A | 5.4 MEDIUM |
| Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. | |||||
| CVE-2025-5593 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-06-13 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5594 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-06-13 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-30799 | 1 Dronecode | 1 Px4 Drone Autopilot | 2025-06-12 | N/A | 4.4 MEDIUM |
| An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. | |||||
| CVE-2025-4871 | 1 Pcman | 1 Ftp Server | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4872 | 1 Freefloat | 1 Ftp Server | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5792 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-12 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5793 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-12 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-27628 | 1 Offis | 1 Dcmtk | 2025-06-11 | N/A | 8.1 HIGH |
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. | |||||
| CVE-2024-41588 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | N/A | 8.0 HIGH |
| The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | |||||
| CVE-2024-41596 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | |||||
| CVE-2025-5053 | 1 Freefloat | 1 Ftp Server | 2025-06-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||