Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47814 | 1 Gnu | 1 Pspp | 2025-06-12 | N/A | 9.8 CRITICAL |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c. | |||||
| CVE-2025-47815 | 1 Gnu | 1 Pspp | 2025-06-12 | N/A | 9.8 CRITICAL |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c. | |||||
| CVE-2024-25446 | 1 Hugin Project | 1 Hugin | 2025-06-12 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25442 | 1 Hugin Project | 1 Hugin | 2025-06-12 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2023-6340 | 1 Sonicwall | 2 Capture Client, Netextender | 2025-06-11 | N/A | 5.5 MEDIUM |
| SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | |||||
| CVE-2025-5297 | 1 Razormist | 1 Simple Computer Store System | 2025-06-10 | N/A | 6.6 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5943 | 2025-06-10 | N/A | N/A | ||
| MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally. | |||||
| CVE-2025-5600 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-10 | N/A | N/A |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5685 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-31200 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-09 | N/A | N/A |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. | |||||
| CVE-2025-5847 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | N/A | 8.8 HIGH |
| A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5853 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5855 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5863 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-49350 | 1 Ibm | 1 Db2 | 2025-06-09 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-53901 | 1 Tonycoz | 1 Imager | 2025-06-09 | N/A | 5.5 MEDIUM |
| The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image. | |||||
| CVE-2024-24188 | 1 Jsish | 1 Jsish | 2025-06-09 | N/A | 9.8 CRITICAL |
| Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | |||||
| CVE-2019-12900 | 6 Bzip, Canonical, Debian and 3 more | 6 Bzip2, Ubuntu Linux, Debian Linux and 3 more | 2025-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | |||||
| CVE-2022-29072 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2025-06-09 | 7.2 HIGH | 7.8 HIGH |
| 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur | |||||
| CVE-2025-5527 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-09 | N/A | N/A |
| A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||