Total: 3648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43370 | 1 Apple | 1 Xcode | 2025-11-03 | N/A | 4.0 MEDIUM |
| A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | |||||
| CVE-2022-34973 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2025-11-03 | N/A | 7.5 HIGH |
| D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | |||||
| CVE-2025-7345 | | | 2025-11-03 | N/A | 7.5 HIGH |
| A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | |||||
| CVE-2025-41707 | | | 2025-11-03 | N/A | 5.3 MEDIUM |
| The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality. | |||||
| CVE-2025-41706 | | | 2025-11-03 | N/A | 5.3 MEDIUM |
| The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality. | |||||
| CVE-2022-39377 | 3 Debian, Fedoraproject, Sysstat Project | 3 Debian Linux, Fedora, Sysstat | 2025-11-03 | N/A | 7.0 HIGH |
| sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | |||||
| CVE-2021-30481 | 1 Valvesoftware | 1 Steam Client | 2025-11-03 | 6.0 MEDIUM | 8.0 HIGH |
| Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | |||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2025-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
| CVE-2025-12322 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-30 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12142 | | | 2025-10-30 | N/A | 6.1 MEDIUM |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33. | |||||
| CVE-2025-60340 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-28 | N/A | 7.5 HIGH |
| Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allow attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters. | |||||
| CVE-2025-20333 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-10-28 | N/A | 9.9 CRITICAL |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. | |||||
| CVE-2025-60548 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 9.8 CRITICAL |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings. | |||||
| CVE-2025-60553 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 9.8 CRITICAL |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52. | |||||
| CVE-2025-60554 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-10-28 | N/A | 9.8 CRITICAL |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard. | |||||
| CVE-2025-12232 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12265 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12271 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12272 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12273 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
