Total
1821 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43031 | 1 Autman | 1 Autman | 2025-09-03 | N/A | 4.3 MEDIUM |
| autMan v2.9.6 was discovered to contain an access control issue. | |||||
| CVE-2024-43032 | 1 Autman | 1 Autman | 2025-09-03 | N/A | 4.3 MEDIUM |
| autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2025-32387 | 1 Helm | 1 Helm | 2025-09-03 | N/A | 6.5 MEDIUM |
| Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3. | |||||
| CVE-2025-57217 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | |||||
| CVE-2025-57218 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | |||||
| CVE-2025-57215 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 7.5 HIGH |
| Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | |||||
| CVE-2025-9605 | 1 Tenda | 4 Ac21, Ac21 Firmware, Ac23 and 1 more | 2025-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-6021 | 2025-09-03 | N/A | 7.5 HIGH | ||
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | |||||
| CVE-2025-9297 | 1 Tenda | 2 I22, I22 Firmware | 2025-09-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2012-10023 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-09-03 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication. | |||||
| CVE-2025-55564 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-09-03 | N/A | 7.5 HIGH |
| Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. | |||||
| CVE-2025-9250 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9251 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9252 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9253 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9249 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9248 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9247 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9246 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9245 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||