Total
13630 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50187 | 1 Trimble | 1 Sketchup Viewer | 2025-07-08 | N/A |
| Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20789. | ||||
| CVE-2025-6818 | 1 Hdfgroup | 1 Hdf5 | 2025-07-08 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6825 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-08 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6856 | 1 Hdfgroup | 1 Hdf5 | 2025-07-08 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6857 | 1 Hdfgroup | 1 Hdf5 | 2025-07-08 | 3.3 Low |
| A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6881 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-07-08 | 8.8 High |
| A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-35003 | 1 Apache | 1 Nuttx | 2025-07-08 | 9.8 Critical |
| Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. This issue affects Apache NuttX: from 7.25 before 12.9.0. | ||||
| CVE-2025-6487 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6486 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6939 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6940 | 1 Totolink | 2 A702r, A702r Firmware | 2025-07-07 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6953 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-07 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39133 | 1 Zziplib Project | 1 Zziplib | 2025-07-07 | 4.3 Medium |
| Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. | ||||
| CVE-2025-6565 | 1 Netgear | 1 Wnce3001 | 2025-07-06 | 8.8 High |
| A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6824 | 1 Totolink | 2 X15, X15 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6816 | 1 Hdfgroup | 1 Hdf5 | 2025-07-06 | 3.3 Low |
| A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6751 | 1 Linksys | 1 E8450 | 2025-07-06 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6887 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6886 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1246 | 1 Arm | 3 5th Gen Gpu Architecture Userspace Driver, Bifrost Gpu Userspace Driver, Valhall Gpu Userspace Driver | 2025-07-02 | 7.8 High |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0. | ||||