Total
2524 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-53180 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
CVE-2025-20686 | 2 Mediatek, Openwrt | 7 Mt6890, Mt7915, Mt7916 and 4 more | 2025-07-09 | 8.8 High |
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404. | ||||
CVE-2025-27752 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-26666 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | ||||
CVE-2025-26674 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | 7.8 High |
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally. | ||||
CVE-2025-26668 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | 7.5 High |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-27478 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7 High |
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-27477 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 8.8 High |
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-27490 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-08 | 7.8 High |
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2023-50229 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 8.0 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936. | ||||
CVE-2023-50230 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 8.0 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938. | ||||
CVE-2023-51596 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 7.1 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939. | ||||
CVE-2025-50130 | 2025-07-08 | 7.8 High | ||
A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution. | ||||
CVE-2024-49000 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability | ||||
CVE-2024-49030 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-07-08 | 7.8 High |
Microsoft Excel Remote Code Execution Vulnerability | ||||
CVE-2024-49017 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability | ||||
CVE-2024-49015 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability | ||||
CVE-2024-49013 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability | ||||
CVE-2024-49012 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability | ||||
CVE-2024-49011 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2025-07-08 | 8.8 High |
SQL Server Native Client Remote Code Execution Vulnerability |