Total
1379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46373 | 2025-11-19 | N/A | 7.8 HIGH | ||
| A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections | |||||
| CVE-2025-55118 | 2025-11-18 | N/A | 8.9 HIGH | ||
| Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n" | |||||
| CVE-2025-63701 | 2025-11-18 | N/A | 6.8 MEDIUM | ||
| A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Local access is required to exploit this vulnerability. | |||||
| CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 18 Flash Player, Mac Os X, Insight Orchestration and 15 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | |||||
| CVE-2025-62201 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-60714 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-11-17 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-60715 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-11-17 | N/A | 8.0 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-59504 | 1 Microsoft | 1 Azure Monitor Agent | 2025-11-17 | N/A | 7.3 HIGH |
| Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-60724 | 1 Microsoft | 16 Office, Office Long Term Servicing Channel, Windows 10 1607 and 13 more | 2025-11-17 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-62689 | 1 Gnu | 1 Libmicrohttpd | 2025-11-14 | N/A | 7.5 HIGH |
| NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. | |||||
| CVE-2025-63927 | 2025-11-14 | N/A | 4.0 MEDIUM | ||
| A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). During multi-threaded client execution, the function Iec10x_Scheduled can access memory that has already been freed, potentially causing program crashes or undefined behavior. This may be exploited to trigger a denial-of-service or memory corruption. | |||||
| CVE-2025-62220 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-11-14 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-62452 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-11-14 | N/A | 8.0 HIGH |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | |||||
| CVE-2024-23154 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-37001 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-12670 | 1 Autodesk | 1 Navisworks | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-11205 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-11206 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 7.1 HIGH |
| Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-61837 | 1 Adobe | 1 Format Plugins | 2025-11-13 | N/A | 7.8 HIGH |
| Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-61838 | 1 Adobe | 1 Format Plugins | 2025-11-13 | N/A | 7.8 HIGH |
| Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||