Total
3613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8140 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8136 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-31701 | 2025-07-25 | N/A | 8.1 HIGH | ||
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | |||||
| CVE-2025-31700 | 2025-07-25 | N/A | 8.1 HIGH | ||
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | |||||
| CVE-2024-47032 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-7758 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7837 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7914 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely. | |||||
| CVE-2025-7913 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7912 | 1 Totolink | 2 T6, T6 Firmware | 2025-07-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-33302 | 1 Fortinet | 2 Fortimail, Fortindr | 2025-07-23 | N/A | 4.7 MEDIUM |
| A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2025-29480 | 1 Osgeo | 1 Gdal | 2025-07-23 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced. | |||||
| CVE-2025-7945 | 2025-07-22 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in D-Link DIR-513 up to 20190831. It has been declared as critical. This vulnerability affects the function formSetWanDhcpplus of the file /goform/formSetWanDhcpplus. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-21445 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | N/A | 7.8 HIGH |
| Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. | |||||
| CVE-2025-21444 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | N/A | 7.8 HIGH |
| Memory corruption while copying the result to the transmission queue in EMAC. | |||||
| CVE-2025-21426 | 1 Qualcomm | 20 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon Ar1 Gen 1 Platform and 17 more | 2025-07-21 | N/A | 6.6 MEDIUM |
| Memory corruption while processing camera TPG write request. | |||||
| CVE-2025-27058 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-07-21 | N/A | 7.8 HIGH |
| Memory corruption while processing packet data with exceedingly large packet. | |||||
| CVE-2025-25567 | 1 Softether | 1 Vpn | 2025-07-19 | N/A | 9.8 CRITICAL |
| SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI, | |||||
| CVE-2025-25565 | 1 Softether | 1 Vpn | 2025-07-19 | N/A | 9.8 CRITICAL |
| SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line. | |||||
| CVE-2025-51630 | 1 Totolink | 2 N350rt, N350rt Firmware | 2025-07-18 | N/A | 9.8 CRITICAL |
| TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. | |||||