Export limit exceeded: 42196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0753 | 1 Ecava | 1 Integraxor | 2025-08-26 | N/A |
| Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. | ||||
| CVE-2024-8105 | 2025-08-25 | 6.4 Medium | ||
| A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised. | ||||
| CVE-2024-9448 | 1 Arista | 1 Eos | 2025-08-25 | 7.5 High |
| On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations. | ||||
| CVE-2025-1049 | 1 Sonos | 3 Era 300, S1, S2 | 2025-08-25 | N/A |
| Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601. | ||||
| CVE-2023-35709 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-08-25 | N/A |
| Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19928. | ||||
| CVE-2025-29361 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29362 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29363 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-9299 | 1 Tenda | 2 M3, M3 Firmware | 2025-08-25 | 8.8 High |
| A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9298 | 1 Tenda | 2 M3, M3 Firmware | 2025-08-25 | 8.8 High |
| A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-55482 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-25 | 7.5 High |
| Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. | ||||
| CVE-2025-55498 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-25 | 7.5 High |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. | ||||
| CVE-2010-20045 | 1 Cursorarts | 1 Filewrangler | 2025-08-24 | N/A |
| FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction—simply connecting to the server—without further input. Successful exploitation may lead to arbitrary code execution. | ||||
| CVE-2025-25020 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 6.5 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | ||||
| CVE-2025-1991 | 1 Ibm | 1 Informix Dynamic Server | 2025-08-24 | 7.5 High |
| IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. | ||||
| CVE-2025-36027 | 1 Ibm | 2 Datacap, Datacap Navigator | 2025-08-24 | 5.4 Medium |
| IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | ||||
| CVE-2024-56468 | 1 Ibm | 1 Infosphere Data Replication | 2025-08-24 | 7.5 High |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | ||||
| CVE-2025-41452 | 1 Danfoss | 1 Ak-sm8xxa Series | 2025-08-23 | N/A |
| Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions | ||||
| CVE-2010-20114 | 1 Varicad | 1 Varicad | 2025-08-23 | N/A |
| VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution. | ||||
| CVE-2009-20003 | 2 Microsoft, Xenorate | 2 Windows, Xenorate | 2025-08-23 | N/A |
| Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file. | ||||