Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-125106

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Jun, 2023 | 00:00
Updated At-17 Dec, 2024 | 15:49
Rejected At-
Credits

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Jun, 2023 | 00:00
Updated At:17 Dec, 2024 | 15:49
Rejected At:
â–¼CVE Numbering Authority (CNA)

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
N/A
https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
N/A
https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
N/A
Hyperlink: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
Resource: N/A
Hyperlink: https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
Resource: N/A
Hyperlink: https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
x_transferred
https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
x_transferred
https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
x_transferred
Hyperlink: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
Resource:
x_transferred
Hyperlink: https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
Resource:
x_transferred
Hyperlink: https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Jun, 2023 | 22:15
Updated At:17 Dec, 2024 | 16:15

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

nanopb_project
nanopb_project
>>nanopb>>Versions before 0.3.1(exclusive)
cpe:2.3:a:nanopb_project:nanopb:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txtcve@mitre.org
Release Notes
https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168cve@mitre.org
Patch
https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1cve@mitre.org
Patch
https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txtaf854a3a-2127-422b-91ae-364da2661108
Release Notes
https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1af854a3a-2127-422b-91ae-364da2661108
Patch
Hyperlink: https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://github.com/nanopb/nanopb/blob/master/CHANGELOG.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/nanopb/nanopb/compare/nanopb-0.3.0...nanopb-0.3.1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

2255Records found

CVE-2020-5235
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.73% / 74.76%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 03:00
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-memory condition in Nanopb is potentially exploitable

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. This problem is fixed in nanopb-0.4.1, nanopb-0.3.9.5, nanopb-0.2.9.4.

Action-Not Available
Vendor-nanopb_projectnanopb
Product-nanopbNanopb
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-44202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 64.20%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-878dir-878_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 43.39%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-853_firmwaredir-853n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2618
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.85% / 76.48%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 13:31
Updated-26 Mar, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Path api set_ws_action heap-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 64.20%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816dir-816_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 41.88%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-853_firmwaredir-853n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1514
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.09% / 92.54%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2621
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.91% / 77.31%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 16:31
Updated-26 Mar, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 storage check_dws_cookie stack-based overflow

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25249
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.75% / 50.30%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:32
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Action-Not Available
Vendor-Fortinet, Inc.Siemens AG
Product-fortisasefortiosfortiswitchmanagerFortiOSFortiSwitchManagerRUGGEDCOM APE1808
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25744
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 41.88%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-853_firmwaredir-853n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43260
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.33%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-12 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18ac18_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26336
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.59% / 43.92%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 02:23
Updated-27 Mar, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-chassis_management_controller_for_poweredge_fx2chassis_management_controller_for_poweredge_vrtx_firmwarechassis_management_controller_for_poweredge_fx2_firmwarechassis_management_controller_for_poweredge_vrtxDell Chassis Management Controller (CMC) for PowerEdge VRTXDell Chassis Management Controller (CMC) for Dell PowerEdge FX2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 56.17%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac23ac23_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 70.64%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 13:51
Updated-06 Aug, 2024 | 09:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

centurystar 7.12 ActiveX Control has a Stack Buffer Overflow

Action-Not Available
Vendor-centurystar_projectn/a
Product-centurystarn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43467
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.45%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 20:25
Updated-03 Aug, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openbabelOpen Babelopenbabel
Product-open_babelOpen Babelopen_babel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2619
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-1.85% / 76.48%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 14:00
Updated-26 Mar, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26508
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-8.3||HIGH
EPSS-0.90% / 55.16%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 17:03
Updated-15 Jan, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Action-Not Available
Vendor-HP Inc.
Product-4y279al3u43a499q4f3qa75a7ps96a3sj34a4ra84a7h5w6aj7z12a4ra86ez8z05a4ra88f3pz95a5rc87a5fm77aj8j65a4pz46ab5l48at3u66a49k98aj8a16a5hh52a_firmware74t92a_firmware3sj03a1pv49a5hh59a5hh48vj8j72a4ra87f_firmware499q5f5hh51a_firmwareb5l38a3gy16am0p32az8z07a5zp01az8z12a7ps85a4ra82f5hh67a_firmware4ra84e_firmwarex3a59a7h5w7a49k97avg1w40ay3z63a4ra84f_firmware4pz47a1pv87ad7p70a499q9e7e357a74p27a4ra81e5cm69a5cm59ax3a90a759v0ej7z11a4ra85v4ra83ay3z60aj7z99a499q3e_firmwarel3u42a5rc84a499n1a_firmware6qn30a5cm64a3gy19ax3a89a7ps84az8z08a5hh66a4ra85a499q7f_firmware5hh53a_firmware499q9f6qp98af2a66a3pz75a5qj94aj8j73a49k86aj8j78a499q7acf236aj8a13af2a68a3gn19aj8a04a8pe97a1ps55a4ra86a4ra87a499q5a74p25a_firmware4ra83fg1w46am0p35a58r10a5hh72a_firmware3sj19ax3a62a4pa44a4ra84e4ra80e_firmware5hh64ek0q17ab5l23a3sj13a3gy09a8gs15a2gp26a1pv64a4ra84a_firmware1pu52a8gr96a2gp25a74t92e_firmware6qn37a5hh64a5hh53a4ra83f_firmware1ps54a6bs57a3gy14az8z00ax3a72a4ra86f759v1e8gs00aj8j80a4ra89a_firmwarej8j63aj7z07a8gs27a4ra84f499q5f_firmware74t92f5qj87a5hh65aj7z13a3sj38a7ps86a499r0f_firmware499n4a_firmwarecz245ak0q15a4ra80f_firmwaret3u44a499n0ay3z66a499m6ak0q21a7ps97a5hh73a115p9awe6b73a9rt92a499q7a_firmware58m42ab5l24ax3a74a8pe95a3sj12ab5l49az8z14ax3a75a1pu51ax3a84a2gp23af2a70a4ra80e3sj36a499n6aj7z98aj7z05aj7z14a3sj37a499m7a8gs14a3sj04ab5l54a4ra81f_firmware4ra83a_firmware1pv65a5rc90a5hh64f_firmware759v2e7zu86a4ra81f759v0f_firmware8gs36aa8zq5a4ra82a_firmware3gy03a74p26a_firmware759v2f_firmware8d7l1a7ps87acz244a4ra87f7ps81a7zu79al3u65ax3a87al3u70a8d7l0a_firmware6qn38a3gy20ax3a65a5qj81a74p28ax3a86aj7z09a6bs58a4ra88f_firmwarey3z62a499m9a_firmware5cm68aj8j76a17f27aw3sj11aj8a06a499q4e_firmwarecf367aj8a05a5fm78az8z19j8j64ax3a77a499n0a_firmware4ra82fr_firmwarek0q19a3sj29a499r0a_firmwarej8a11ax3a71a5qk18a499q7f7ps94a3gy17a499r0e_firmwareb5l47a4ra81frf2a67a*a2w76ax3a81al3u66a4ra82f_firmware5cm77a4ra88a_firmware4ra85e_firmware4ra85ef2a69az8z04a4pz45aj7z06a4ra87a_firmware8gs44a5qk20a8gs13aa8zq7acf067a499q4e499m7a_firmware4ra81ag1w47az8z09a3sj33aj8j79a4ra82e_firmware1pv88a5qk15al3u67aa2w75a499q3f499n5a6bs59ax3a92a7pt01a6qn33a499q9e_firmwarez8z01a3gy04a3sj21a499n1a499q9f_firmwarey3z68a499q6em0p36aa8zq6a5rc85acf235a3gy10a499q5fr_firmwaree6b72a5cm63a5cm79az8z010a8gr98ax3a60a4ra80aj7z10az8z18a5qj90a4ra89v7ps83a4pz43at3u55a5hh48a_firmwarez8z02ax3a63a3gx98ag1w46v4y280a7pt00aa91s3a6qp99a3gy12aj8j67a499q6f_firmwarefuturesmart_5l2762ad7p71a49l02a5zn99a4ra83e499q6e_firmwarex3a78a5hh72a499q5e_firmwarex3a69ab5l39al3u57a4ra86f_firmware8pe98a7ps99a8gs50a759v0f759v1e_firmware759v2e_firmware5cm71a5fm76a3qa55a5qk08a499q3a_firmware49k84az8z17a499m8a4ra85v_firmwarem0p39af2a71at3u64a8pe94a5hh67a7ps88aa91s1a4ra85f499q8e_firmware499q5e1pv89aa91s5a4ra86e_firmwarez8z011az8z06acf068a5fm80a5hh48v_firmware6qq00a3gy15a4ra89v_firmwarel3u51a499m9a3sj00afuturesmart_4b5l46a4ra81fr_firmware5rc88a8gs37a499n5a_firmwareb5l50a5zp00a5cm65az5g77a115q0aw499r0f6qq01a3gy18a5cm75a5cm58a1pv66a8gs28a4ra85f_firmwarez8z23a74p26a74p28a_firmware3gy32a5cm76a74p27a_firmware5fm81a4ra81a_firmware5hh64f1pv67a499q7e499q6a_firmware4ra87el3u64a3pz16a74t92f_firmware5fm82a4ra88e5hh51a8gr95ax3a93a3pz35a8gs26aj8a10aj8j74a2gp22a4ra82e5hh66a_firmwarej8j66a5qk13a8d7l2a4ra81e_firmware499q7e_firmwarek0q14aaz8z20ab5l25a49l04al3u56aj8j71a8d7l1a_firmwarez8z22a6qn28afuturesmart_3t3u56a8gs01a499q8aa8zq4a499r0e6qn35a8d7l2a_firmware3sj35a6qn31al3u55a8gs29acf238a499q4f_firmware49l00a6qn36aj7z08a3qa35a3pz56a759v1ff2a80a49k96av499q6f5rc86a7ps82a3sj02a5rc92al2763ag1w47v3sj01a4ra86a_firmware5zn98aj7z03a5qj83ag1w41aj8j70a19gsawy3z64a5hh64a_firmware5qj98a49k90a8gs43a499q8a_firmware5qk02al3u52aa8zq3a5cm78a5cm66ax3a82a74t92a499q9a_firmware5qk03a6qp97aj7z04az8z0ax3a68a5hh48a4ra87e_firmware1pv86at3u43abl27ax3a80a499r0a3pz55a7ps95a3pz15a499q9al3u63a3sj32am0p40a4ra89a499q5fr4ra82fr8gs30a5hh73a_firmware3sj30a499q8f49k99a3gy31af2a79az8z16a8gs25ax3a83a759v1f_firmwarek0q20a7zu81a4ra83e_firmware5cm72a4ra80f8pe96a499q3e499q8e499n6a_firmware8gs12a7zu88a3sj28a499q3a4ra80a_firmwarel3u69a7zu87a9rt91a499q6az8z13a3sj22a499q3f_firmware5hh52a3gy26ay3z61a5rc91a7zu78aa91s7a499n4ak0q22a3gy25ax3a79a4ra82a5rc89a8gr94a5hh59a_firmware4ra85a_firmwarey3z49ab5l26ag1w39aj8a12am0p33a5cm61az5g79a74t92ecf069a7ps98a7zu85a8gr97a499q5a_firmware759v2fcf066a8gr99a5hh65a_firmware4ra88e_firmware8d7l0a5hh64e_firmwarez8z15aa8zq2a499q8f_firmware5cm70a74p25a759v0e_firmwarek0q18a4ra88a5rc83ax3a66a6qn29aj8a17a3sj20a499m6a_firmware499m8a_firmwarey3z65aCertain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 39.78%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 00:00
Updated-17 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac8_firmwareac8n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44255
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 80.08%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

Action-Not Available
Vendor-n/aTOTOLINK
Product-lr350_firmwarelr350n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2620
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-7.49% / 93.73%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 14:31
Updated-26 Mar, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24273
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 55.10%
||
7 Day CHG+0.04%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43107
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 56.17%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac23_firmwareac23n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-2073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.90% / 91.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 15:00
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus."

Action-Not Available
Vendor-n/aDassault Systèmes S.E. (3DS)
Product-catian/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24231
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.23%
||
7 Day CHG+0.05%
Published-31 Mar, 2025 | 22:23
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2474
Matching Score-4
Assigner-BlackBerry
ShareView Details
Matching Score-4
Assigner-BlackBerry
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.83%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:38
Updated-01 Dec, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in PCX Image Codec Impacts QNX Software Development Platform

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_software_development_platformQNX Software Development Platform (SDP)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-9698
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.55%
||
7 Day CHG-0.03%
Published-09 Jun, 2026 | 07:22
Updated-30 Jun, 2026 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

Action-Not Available
Vendor-perlHMBRANDRed Hat, Inc.
Product-dbiDBIRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2370
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.00% / 58.57%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 09:00
Updated-07 Apr, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800t_firmwareex1800tEX1800T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23318
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8.1||HIGH
EPSS-0.64% / 46.34%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:36
Updated-12 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2022-43029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 50.58%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-tx3tx3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 56.17%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac23ac23_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-28592
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-2.54% / 83.09%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:40
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-cosorin/a
Product-cs158-af_firmwarecs158-afCosori
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-125026
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 21:13
Updated-11 Apr, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in github.com/cloudflare/golz4

LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-golz4github.com/cloudflare/golz4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24118
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 88.09%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 21:45
Updated-02 Jun, 2026 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiPadOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-16451
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-34.68% / 98.22%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2369
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.00% / 58.57%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 08:31
Updated-07 Apr, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800t_firmwareex1800tEX1800T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-29016
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.30% / 87.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 16:04
Updated-25 Oct, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22884
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.24%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 07:37
Updated-25 Aug, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5067
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 39.07%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 06:01
Updated-09 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled.

Action-Not Available
Vendor-Zephyr Project
Product-Zephyr
CWE ID-CWE-170
Improper Null Termination
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 56.17%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac23ac23_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43764
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 51.30%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 10:12
Updated-25 Mar, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow when changing configuration on Tbase Server

Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-industrial_automation_aprolB&R APROL
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2263
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 53.70%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:25
Updated-03 Apr, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Stack-based Buffer Overflow

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_serverSante PACS Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22883
Matching Score-4
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
ShareView Details
Matching Score-4
Assigner-759f5e80-c8e1-4224-bead-956d7b33c98b
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.44%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 07:36
Updated-16 May, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-ispsoftISPSoft
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22457
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-9||CRITICAL
EPSS-99.97% / 99.98%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 15:20
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-11||Apply mitigations as set forth in the CISA instructions linked below.

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-policy_secureconnect_securezero_trust_access_gatewayPolicy SecureConnect SecureNeurons for ZTA gatewaysConnect Secure, Policy Secure, and ZTA Gateways
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.97% / 57.50%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-0011
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.49% / 82.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 19:34
Updated-06 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.

Action-Not Available
Vendor-tigervncTigerVNC
Product-tigervncTigerVNC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27297
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.09%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 19:06
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-opc_ua_tunnellerOPC UA Tunneller
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-8263
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-4.55% / 90.44%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 02:00
Updated-12 May, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10uac10u_firmwareAC6
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 45
  • 46
  • Next
Details not found