Total
2051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64657 | 2025-11-26 | N/A | 9.8 CRITICAL | ||
| Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-43374 | 2025-11-25 | N/A | 4.3 MEDIUM | ||
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory. | |||||
| CVE-2025-62691 | 2025-11-25 | N/A | 9.8 CRITICAL | ||
| Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege. | |||||
| CVE-2025-59365 | 2025-11-25 | N/A | N/A | ||
| A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. | |||||
| CVE-2025-52539 | 2025-11-25 | N/A | 7.3 HIGH | ||
| A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability. | |||||
| CVE-2025-60684 | 1 Totolink | 4 Lr1200gb, Lr1200gb Firmware, Nr1800x and 1 more | 2025-11-24 | N/A | 6.5 MEDIUM |
| A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication. | |||||
| CVE-2025-44893 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-11-24 | N/A | 9.8 CRITICAL |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. | |||||
| CVE-2025-13445 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-13446 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-65220 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. | |||||
| CVE-2025-65221 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. | |||||
| CVE-2025-65222 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. | |||||
| CVE-2025-65223 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. | |||||
| CVE-2025-40601 | 2025-11-21 | N/A | 7.5 HIGH | ||
| A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | |||||
| CVE-2025-58413 | 1 Fortinet | 2 Fortios, Fortisase | 2025-11-21 | N/A | 7.5 HIGH |
| A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets | |||||
| CVE-2025-53843 | 1 Fortinet | 1 Fortios | 2025-11-21 | N/A | 7.5 HIGH |
| A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets | |||||
| CVE-2025-13188 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2025-11-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-13189 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2025-11-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-13190 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2025-11-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-59251 | 1 Microsoft | 1 Edge Chromium | 2025-11-20 | N/A | 7.6 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||