Total
3787 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14709 | 1 Sgwbox | 2 N3, N3 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshell_server of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-36377 | 1 Osslsigncode Project | 1 Osslsigncode | 2025-12-30 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. | |||||
| CVE-2025-47372 | 1 Qualcomm | 46 Qam8255p, Qam8255p Firmware, Qam8620p and 43 more | 2025-12-23 | N/A | 9.0 CRITICAL |
| Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. | |||||
| CVE-2025-65404 | 1 Live555 | 1 Streaming Media | 2025-12-23 | N/A | 6.5 MEDIUM |
| A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream. | |||||
| CVE-2025-14015 | 1 H3c | 2 Magic B0, Magic B0 Firmware | 2025-12-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-50401 | 1 Mercurycom | 2 D196g, D196g Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. | |||||
| CVE-2025-50398 | 1 Mercurycom | 2 D196g, D196g Firmware | 2025-12-22 | N/A | 9.8 CRITICAL |
| Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password. | |||||
| CVE-2025-66287 | 2025-12-22 | N/A | 8.8 HIGH | ||
| A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. | |||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10886 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-12-19 | N/A | 7.8 HIGH |
| A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-10887 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-12-19 | N/A | 7.8 HIGH |
| A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-10889 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-12-19 | N/A | 7.8 HIGH |
| A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-14656 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2023-53874 | 1 Gomlab | 1 Gom Player | 2025-12-18 | N/A | 9.8 CRITICAL |
| GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability. | |||||
| CVE-2025-50361 | 1 Smallbasic | 1 Smallbasic | 2025-12-18 | N/A | 5.1 MEDIUM |
| Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash. | |||||
| CVE-2023-4582 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2025-12-18 | N/A | 8.8 HIGH |
| Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | |||||
| CVE-2023-41913 | 1 Strongswan | 1 Strongswan | 2025-12-18 | N/A | 9.8 CRITICAL |
| strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | |||||
| CVE-2021-3177 | 5 Debian, Fedoraproject, Netapp and 2 more | 10 Debian Linux, Fedora, Active Iq Unified Manager and 7 more | 2025-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | |||||
| CVE-2025-43532 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 2.8 LOW |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing malicious data may lead to unexpected app termination. | |||||
| CVE-2024-29195 | 1 Microsoft | 1 Azure C Shared Utility | 2025-12-15 | N/A | 6.0 MEDIUM |
| The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | |||||