Total
13297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15189 | 1 Dlink | 2 Dwr-m920, Dwr-m920 Firmware | 2025-12-30 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-14861 | 1 Mozilla | 1 Firefox | 2025-12-30 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1. | |||||
| CVE-2025-14709 | 1 Sgwbox | 2 N3, N3 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshell_server of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15047 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-15046 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15045 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15044 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. | |||||
| CVE-2025-14958 | 1 Floooh | 1 Sokol | 2025-12-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue. | |||||
| CVE-2025-14956 | 1 Webassembly | 1 Binaryen | 2025-12-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-14964 | 1 Totolink | 2 T10, T10 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote. | |||||
| CVE-2025-12771 | 1 Ibm | 1 Concert | 2025-12-29 | N/A | 7.8 HIGH |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | |||||
| CVE-2024-9684 | 2025-12-29 | N/A | 7.5 HIGH | ||
| FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences. | |||||
| CVE-2025-14879 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-24 | 10.0 HIGH | 9.8 CRITICAL |
| A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-14878 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-24 | 10.0 HIGH | 9.8 CRITICAL |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-15013 | 2025-12-23 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-14015 | 1 H3c | 2 Magic B0, Magic B0 Firmware | 2025-12-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14665 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14654 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-14655 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | |||||