Vulnerabilities (CVE)

Filtered by CWE-121
Total 1818 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-31449 1 Redis 1 Redis 2025-09-04 N/A 7.0 HIGH
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-8816 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8817 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8819 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8820 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8822 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8824 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8826 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8831 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8833 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8832 1 Linksys 12 Re6250, Re6250 Firmware, Re6300 and 9 more 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9748 1 Tenda 2 Ch22, Ch22 Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.
CVE-2025-9791 1 Tenda 2 Ac20, Ac20 Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVE-2025-9938 2025-09-04 9.0 HIGH 8.8 HIGH
A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-55852 2025-09-04 N/A 7.5 HIGH
Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2024-43689 1 Elecom 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more 2025-09-04 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
CVE-2024-43031 1 Autman 1 Autman 2025-09-03 N/A 4.3 MEDIUM
autMan v2.9.6 was discovered to contain an access control issue.
CVE-2024-43032 1 Autman 1 Autman 2025-09-03 N/A 4.3 MEDIUM
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.
CVE-2025-32387 1 Helm 1 Helm 2025-09-03 N/A 6.5 MEDIUM
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
CVE-2025-57217 1 Tenda 2 Ac10, Ac10 Firmware 2025-09-03 N/A 5.3 MEDIUM
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.