Total
13807 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29557 | 1 Dlink | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2025-11-07 | 9.8 Critical |
| An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | ||||
| CVE-2025-12875 | 2025-11-07 | 5.3 Medium | ||
| A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue. | ||||
| CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-11-07 | 9.8 Critical |
| Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | ||||
| CVE-2018-7445 | 1 Mikrotik | 1 Routeros | 2025-11-07 | 9.8 Critical |
| A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. | ||||
| CVE-2025-2915 | 1 Hdfgroup | 1 Hdf5 | 2025-11-07 | 3.3 Low |
| A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-40661 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2025-11-06 | 5.4 Medium |
| Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment. | ||||
| CVE-2024-37006 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-11-06 | 7.8 High |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | ||||
| CVE-2025-26597 | 3 Redhat, Tigervnc, X.org | 9 Enterprise Linux, Rhel Aus, Rhel E4s and 6 more | 2025-11-06 | 7.8 High |
| A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. | ||||
| CVE-2024-12085 | 8 Almalinux, Archlinux, Gentoo and 5 more | 28 Almalinux, Arch Linux, Linux and 25 more | 2025-11-06 | 7.5 High |
| A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | ||||
| CVE-2025-9338 | 1 Asus | 1 Armoury Crate | 2025-11-06 | N/A |
| A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory. | ||||
| CVE-2025-12745 | 1 Quickjs-ng | 1 Quickjs | 2025-11-06 | 5.3 Medium |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2019-8720 | 3 Redhat, Webkitgtk, Wpewebkit | 24 Codeready Linux Builder, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 21 more | 2025-11-06 | 8.8 High |
| A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | ||||
| CVE-2025-43441 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2025-11-05 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43435 | 1 Apple | 10 Ios, Ipad Os, Ipados and 7 more | 2025-11-05 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43429 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-05 | 4.3 Medium |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43398 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-11-05 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-12611 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-05 | 8.8 High |
| A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2025-12596 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-11-05 | 8.8 High |
| A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-12595 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-11-05 | 8.8 High |
| A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-43424 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-11-05 | 4.3 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash. | ||||