Total
6811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5943 | 2025-06-12 | N/A | 8.8 HIGH | ||
| MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally. | |||||
| CVE-2024-25446 | 1 Hugin Project | 1 Hugin | 2025-06-12 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25442 | 1 Hugin Project | 1 Hugin | 2025-06-12 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2025-5272 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-11 | N/A | 7.3 HIGH |
| Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139. | |||||
| CVE-2025-5685 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5847 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5853 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5855 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5863 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-21175 | 1 Oracle | 1 Weblogic Server | 2025-06-09 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2022-29072 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2025-06-09 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur. | |||||
| CVE-2025-5527 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5619 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23103 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-06 | N/A | 8.6 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-23107 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-06 | N/A | 8.6 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-5572 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-39151 | 1 Siemens | 2 Parasolid, Simcenter Femap | 2025-06-05 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736) | |||||
| CVE-2024-22911 | 1 Swftools | 1 Swftools | 2025-06-05 | N/A | 7.8 HIGH |
| A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | |||||
| CVE-2025-5215 | 1 Dlink | 2 Dcs-5020l, Dcs-5020l Firmware | 2025-06-05 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01_B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-41201 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-06-05 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||