Total
13298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3409 | 1 Nothings | 1 Stb Image.h | 2025-10-16 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3407 | 1 Nothings | 1 Stb Image.h | 2025-10-16 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3406 | 1 Nothings | 1 Stb Image.h | 2025-10-16 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3845 | 1 Markparticle | 1 Webserver | 2025-10-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of the file code/buffer/buffer.cpp. The manipulation of the argument writePos_ leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11389 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-10-15 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-11721 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-10-15 | N/A | 9.8 CRITICAL |
| Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144. | |||||
| CVE-2024-47046 | 1 Siemens | 1 Simcenter Nastran | 2025-10-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2025-11423 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-14 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11444 | 1 Totolink | 2 N600r, N600r Firmware | 2025-10-14 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-11652 | 2025-10-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11651 | 2025-10-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11653 | 2025-10-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11495 | 1 Gnu | 1 Binutils | 2025-10-14 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-11494 | 1 Gnu | 1 Binutils | 2025-10-14 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue. | |||||
| CVE-2025-11414 | 1 Gnu | 1 Binutils | 2025-10-14 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component. | |||||
| CVE-2025-11413 | 1 Gnu | 1 Binutils | 2025-10-14 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised. | |||||
| CVE-2025-11527 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-10-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11526 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-10-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11412 | 1 Gnu | 1 Binutils | 2025-10-14 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-10948 | 2025-10-13 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 and 7.21beta2 mitigates this issue. You should upgrade the affected component. The vendor replied: "Our bug tracker reports that your issue has been fixed. This means that we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out." | |||||