Total
13147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13120 | 2025-11-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-10942 | 2025-11-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37000 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2024-23157 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | |||||
| CVE-2024-23148 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2024-23147 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2025-6436 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-11-13 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2020-29557 | 1 Dlink | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2025-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | |||||
| CVE-2018-7445 | 1 Mikrotik | 1 Routeros | 2025-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. | |||||
| CVE-2025-2915 | 1 Hdfgroup | 1 Hdf5 | 2025-11-07 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-37006 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-06 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2025-12745 | 2025-11-06 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-9338 | 2025-11-06 | N/A | N/A | ||
| A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory. | |||||
| CVE-2025-43441 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43435 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43429 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43398 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-05 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-12611 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-05 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2025-12596 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-11-05 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-12595 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-11-05 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||