Total
6807 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-20931 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | 7.3 HIGH |
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. | |||||
CVE-2025-3538 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-07-16 | 8.3 HIGH | 8.8 HIGH |
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack must be launched from within the local network. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-34488 | 1 Emqx | 1 Nanomq | 2025-07-15 | N/A | 7.8 HIGH |
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. | |||||
CVE-2025-48805 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | N/A | 7.8 HIGH |
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | |||||
CVE-2025-21006 | 1 Samsung | 1 Android | 2025-07-15 | N/A | 7.0 HIGH |
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory. | |||||
CVE-2025-47998 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-07-15 | N/A | 8.8 HIGH |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
CVE-2023-50805 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-07-14 | N/A | 8.1 HIGH |
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). | |||||
CVE-2025-2288 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file. | |||||
CVE-2025-2293 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file. | |||||
CVE-2025-2829 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file. | |||||
CVE-2025-3289 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file. | |||||
CVE-2025-47108 | 1 Adobe | 1 Substance 3d Painter | 2025-07-14 | N/A | 7.8 HIGH |
Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-43581 | 1 Adobe | 1 Substance 3d Sampler | 2025-07-14 | N/A | 7.8 HIGH |
Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-43588 | 1 Adobe | 1 Substance 3d Sampler | 2025-07-14 | N/A | 7.8 HIGH |
Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-52727 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | N/A | 8.1 HIGH |
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. | |||||
CVE-2023-52724 | 1 Linuxfoundation | 1 Onos-kpimon | 2025-07-14 | N/A | 8.1 HIGH |
Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. | |||||
CVE-2025-6376 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | N/A | 7.8 HIGH |
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P. | |||||
CVE-2025-6377 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | N/A | 7.8 HIGH |
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P. | |||||
CVE-2024-12835 | 1 Deltaww | 1 Drasimucad | 2025-07-11 | N/A | 7.8 HIGH |
Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415. | |||||
CVE-2025-47727 | 1 Deltaww | 1 Cncsoft | 2025-07-11 | N/A | 7.3 HIGH |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. |