Total
2613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63152 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-60674 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2025-11-17 | N/A | 6.8 MEDIUM |
| A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow. An attacker with physical access or control over a USB device can exploit this vulnerability to potentially execute arbitrary code on the device. | |||||
| CVE-2025-63153 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63154 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-17 | N/A | 7.5 HIGH |
| TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2025-60679 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-11-17 | N/A | 8.8 HIGH |
| A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device. | |||||
| CVE-2025-11918 | 1 Rockwellautomation | 1 Arena | 2025-11-17 | N/A | 7.3 HIGH |
| Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file. | |||||
| CVE-2025-40843 | 1 Ericsson | 1 Codechecker | 2025-11-14 | N/A | 5.9 MEDIUM |
| CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1. | |||||
| CVE-2021-4464 | 2025-11-14 | N/A | N/A | ||
| FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. | |||||
| CVE-2025-7704 | 2025-11-14 | N/A | 5.4 MEDIUM | ||
| Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability | |||||
| CVE-2025-60696 | 2025-11-14 | N/A | 8.4 HIGH | ||
| A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code. | |||||
| CVE-2024-37003 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-11-13 | N/A | 7.8 HIGH |
| A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-54526 | 1 Fujielectric | 1 Monitouch V-sft | 2025-11-12 | N/A | 7.8 HIGH |
| Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2025-33202 | 2025-11-12 | N/A | 6.5 MEDIUM | ||
| NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2025-64096 | 1 Nasa | 1 Cryptolib | 2025-11-11 | N/A | 8.8 HIGH |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an attacker-controlled field (pdu_len), which may exceed the static array size (kblk[98]), leading to an out-of-bounds write and potential memory corruption. This vulnerability is fixed in 1.4.2. | |||||
| CVE-2025-62507 | 2025-11-06 | N/A | N/A | ||
| Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command. | |||||
| CVE-2025-63468 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63466 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63467 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63469 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-63460 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-11-05 | N/A | 7.5 HIGH |
| Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||