Buffer Overflow
Monthly
Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Vulnerability of insufficient data length verification in the DFA module. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds read vulnerability in the devicemanager module. Rated medium severity (CVSS 6.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Stack-based buffer overflow vulnerability in the dms_fwk module. Rated medium severity (CVSS 6.8), this vulnerability has low attack complexity. No vendor patch available.
Out-of-bounds array access vulnerability in the ArkUI framework. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds access vulnerability in the audio codec module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.
Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code is available and no vendor patch is available.
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. Rated low severity (CVSS 1.0), this vulnerability requires no authentication. No vendor patch available.
CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. No vendor patch available.
In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable and requires no authentication.
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable and requires no authentication.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch available.
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Squid is a caching proxy for the Web. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity.
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Public exploit code available.
In bootloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.
Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
A buffer overflow vulnerability exists in the web service of multiple TP-Link router models including TL-WR841N v11, TL-WR842ND v2, and TL-WR494N v3, caused by missing input validation in /userRpm/WlanNetworkRpm.htm. An unauthenticated remote attacker can exploit this to crash the web service and cause a denial-of-service condition. The vulnerability has a low exploitation likelihood with EPSS score of 0.06% and affects products that are no longer supported by TP-Link.
A vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem allows local attackers with low privileges to bypass input validation checks when interacting with HID devices. The flaw occurs because certain code paths directly call low-level transport driver functions instead of using the hid_hw_raw_request() function, which performs critical buffer and length validation. With an EPSS score of only 0.01% and no known exploitation in the wild, this represents a local privilege escalation risk primarily concerning systems with untrusted local users.
Memory corruption in Firefox 140 and Thunderbird 140 enables remote code execution without authentication. Mozilla confirmed multiple memory safety bugs with evidence of corruption, collectively presumed exploitable for arbitrary code execution. Fixed in Firefox 141 and Thunderbird 141. CVSS 9.8 critical severity with network-accessible attack vector requiring no user interaction. EPSS data not provided; no public exploit identified at time of analysis.
Memory corruption in Mozilla Firefox 140 and Thunderbird 140 (including ESR versions) allows remote code execution when users interact with malicious web content. Affected versions include Firefox ESR 140.0, Firefox 140, Thunderbird ESR 140.0, and Thunderbird 140. With CVSS 8.8 and requiring only user interaction (no authentication), this represents a significant threat to enterprise and consumer users. No public exploit identified at time of analysis, though Mozilla confirmed memory corruption evidence suggesting exploitability with sufficient attacker effort. Vendor-released patches available in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
Remote code execution in Mozilla Firefox (ESR 128.12, 140.0, Firefox 140) and Thunderbird (ESR 128.12, 140.0, Thunderbird 140) allows unauthenticated remote attackers to execute arbitrary code via memory corruption vulnerabilities classified as buffer overflow (CWE-119). User interaction is required. Mozilla has released patches for all affected products (Firefox 141, ESR 128.13, ESR 140.1, Thunderbird 141, 128.13, 140.1). No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high severity with complete compromise potential.
Remote code execution in Mozilla Firefox (ESR 115.x through 115.25, 128.x through 128.12, 140.0, regular 140) and Thunderbird (ESR 128.12, 140.0, regular 140) via memory safety bugs (CWE-119 buffer overflow). Attackers can execute arbitrary code by delivering crafted web content that triggers memory corruption when a user interacts with malicious pages or emails. CVSS 8.8 (High) reflects network-based attack requiring user interaction but no authentication. Vendor-released patches available: Firefox 141, Firefox ESR 115.26/128.13/140.1, Thunderbird 141/128.13/140.1. EPSS data not provided; no public exploit identified at time of analysis, though Mozilla notes evidence of memory corruption suggesting exploitability with effort.
Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggregate queries, causing integrity impacts. The vulnerability stems from improper validation of aggregate terms against available columns (CWE-197), leading to buffer overflow conditions. CVSS 7.2 (High) with a network attack vector but high attack complexity requirements. Vendor-released patch available in SQLite 3.50.2. No confirmed active exploitation (not in CISA KEV), though multiple security advisories from Siemens and OSS-security mailing lists indicate broad downstream impact across industrial control systems and embedded products using SQLite.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. To exploit this flaw, a high-privilege account is needed, as it is required to place the malicious policy file properly.
CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1, affecting the HTTP Request Handler component (/jingx.asp file). An authenticated remote attacker with high privileges can exploit this vulnerability to achieve complete compromise of the device, including code execution, data theft, and denial of service. A public proof-of-concept exploit exists, increasing real-world exploitation risk.
CVE-2025-7602 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1 affecting the /arp_sys.asp HTTP endpoint. An authenticated remote attacker with high privileges can exploit this vulnerability to achieve arbitrary code execution, potentially compromising device integrity, confidentiality, and availability. Public exploit code is available, elevating real-world risk despite the CVSS 7.2 score.
CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.
CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical buffer overflow vulnerability exists in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspApBasicConfigUrcp endpoint's Username parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public proof-of-concept code is available, and the vendor has not responded to early disclosure attempts, indicating no official patch is available.
CVE-2025-7570 is a critical remote buffer overflow vulnerability in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspRemoteApConfTempSend endpoint via the remoteSrcTemp parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public exploit exists and the vendor has not responded to early disclosure, indicating active exploitation risk.
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.
CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.
CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.
CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.
CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.
CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.
CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.
CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high, and exploitation is said to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.
A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.
CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.
CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.
CVE-2025-30403 is a heap buffer overflow vulnerability in Meta's mvfst QUIC implementation that allows remote attackers without privileges to trigger memory corruption and cause denial of service or potentially read sensitive data from heap memory. The vulnerability affects mvfst versions prior to v2025.07.07.00 and requires user interaction (opening a malicious QUIC connection), with a high CVSS score of 8.1 reflecting the severity of memory safety issues, though KEV status and EPSS probability data are not currently available in public disclosures.
CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved: * All versions of 21.2-EVO, * All versions of 21.4-EVO, * All versions of 22.2-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.
An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.
CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and may be actively exploited in the wild.
A buffer overflow vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.
A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and demonstrates high real-world exploitability.
CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. Public exploit code is available and no vendor patch is available.
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Exporting a TPM-based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. Rated low severity (CVSS 1.0), this vulnerability requires no authentication. No vendor patch available.
CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
In Power HAL, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable and requires no authentication.
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable and requires no authentication.
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch available.
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability has low attack complexity. No vendor patch available.
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Squid is a caching proxy for the Web. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available.
In bootloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.1), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.
Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
A buffer overflow vulnerability exists in the web service of multiple TP-Link router models including TL-WR841N v11, TL-WR842ND v2, and TL-WR494N v3, caused by missing input validation in /userRpm/WlanNetworkRpm.htm. An unauthenticated remote attacker can exploit this to crash the web service and cause a denial-of-service condition. The vulnerability has a low exploitation likelihood with EPSS score of 0.06% and affects products that are no longer supported by TP-Link.
A vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem allows local attackers with low privileges to bypass input validation checks when interacting with HID devices. The flaw occurs because certain code paths directly call low-level transport driver functions instead of using the hid_hw_raw_request() function, which performs critical buffer and length validation. With an EPSS score of only 0.01% and no known exploitation in the wild, this represents a local privilege escalation risk primarily concerning systems with untrusted local users.
Memory corruption in Firefox 140 and Thunderbird 140 enables remote code execution without authentication. Mozilla confirmed multiple memory safety bugs with evidence of corruption, collectively presumed exploitable for arbitrary code execution. Fixed in Firefox 141 and Thunderbird 141. CVSS 9.8 critical severity with network-accessible attack vector requiring no user interaction. EPSS data not provided; no public exploit identified at time of analysis.
Memory corruption in Mozilla Firefox 140 and Thunderbird 140 (including ESR versions) allows remote code execution when users interact with malicious web content. Affected versions include Firefox ESR 140.0, Firefox 140, Thunderbird ESR 140.0, and Thunderbird 140. With CVSS 8.8 and requiring only user interaction (no authentication), this represents a significant threat to enterprise and consumer users. No public exploit identified at time of analysis, though Mozilla confirmed memory corruption evidence suggesting exploitability with sufficient attacker effort. Vendor-released patches available in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.
Remote code execution in Mozilla Firefox (ESR 128.12, 140.0, Firefox 140) and Thunderbird (ESR 128.12, 140.0, Thunderbird 140) allows unauthenticated remote attackers to execute arbitrary code via memory corruption vulnerabilities classified as buffer overflow (CWE-119). User interaction is required. Mozilla has released patches for all affected products (Firefox 141, ESR 128.13, ESR 140.1, Thunderbird 141, 128.13, 140.1). No public exploit identified at time of analysis, though CVSS score of 8.8 reflects high severity with complete compromise potential.
Remote code execution in Mozilla Firefox (ESR 115.x through 115.25, 128.x through 128.12, 140.0, regular 140) and Thunderbird (ESR 128.12, 140.0, regular 140) via memory safety bugs (CWE-119 buffer overflow). Attackers can execute arbitrary code by delivering crafted web content that triggers memory corruption when a user interacts with malicious pages or emails. CVSS 8.8 (High) reflects network-based attack requiring user interaction but no authentication. Vendor-released patches available: Firefox 141, Firefox ESR 115.26/128.13/140.1, Thunderbird 141/128.13/140.1. EPSS data not provided; no public exploit identified at time of analysis, though Mozilla notes evidence of memory corruption suggesting exploitability with effort.
Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggregate queries causing integrity impacts. The vulnerability stems from improper validation of aggregate terms against available columns (CWE-197), leading to buffer overflow conditions. CVSS 7.2 (High) with network attack vector but high complexity and partial attack complexity requirements. Vendor-released patch available in SQLite 3.50.2. No confirmed active exploitation (not in CISA KEV), though multiple security advisories from Siemens and OSS-security mailing lists indicate broad downstream impact across industrial control systems and embedded products using SQLite.
A remote code execution vulnerability (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution cannot be ruled out. To exploit this flaw, a high-privilege account is needed, as it is required to place the malicious policy file properly.
CVE-2025-7603 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1, affecting the HTTP Request Handler component (/jingx.asp file). An authenticated remote attacker with high privileges can exploit this vulnerability to achieve complete compromise of the device, including code execution, data theft, and denial of service. A public proof-of-concept exploit exists, increasing real-world exploitation risk.
CVE-2025-7602 is a critical stack-based buffer overflow vulnerability in D-Link DI-8100 firmware version 16.07.26A1 affecting the /arp_sys.asp HTTP endpoint. An authenticated remote attacker with high privileges can exploit this vulnerability to achieve arbitrary code execution, potentially compromising device integrity, confidentiality, and availability. Public exploit code is available, elevating real-world risk despite the CVSS 7.2 score.
CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.
CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical buffer overflow vulnerability exists in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspApBasicConfigUrcp endpoint's Username parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public proof-of-concept code is available, and the vendor has not responded to early disclosure attempts, indicating no official patch is available.
CVE-2025-7570 is a critical remote buffer overflow vulnerability in UTT HiPER 840G devices up to version 3.1.1-190328, affecting the /goform/aspRemoteApConfTempSend endpoint via the remoteSrcTemp parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public exploit exists and the vendor has not responded to early disclosure, indicating active exploitation risk.
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.
CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.
CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.
CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.
CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.
CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.
CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.
A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.
CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high, and exploitation is said to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.
A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.
CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.
CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.
CVE-2025-30403 is a heap buffer overflow vulnerability in Meta's mvfst QUIC implementation that allows remote attackers without privileges to trigger memory corruption and cause denial of service or potentially read sensitive data from heap memory. The vulnerability affects mvfst versions prior to v2025.07.07.00 and requires user interaction (opening a malicious QUIC connection), with a high CVSS score of 8.1 reflecting the severity of memory safety issues, though KEV status and EPSS probability data are not currently available in public disclosures.
CVE-2025-7029 is a critical SMRAM corruption vulnerability in software SMI handlers that allows local attackers with high privileges to achieve arbitrary memory writes and potential SMM privilege escalation. The vulnerability exists in SwSmiInputValue 0xB2 handler where attacker-controlled RBX register values are used to derive unvalidated pointers for power and thermal configuration operations. This affects firmware-level security boundaries and could enable complete system compromise, though exploitation requires elevated privileges and no public exploit code or active KEV exploitation has been reported at this time.
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved: * All versions of 21.2-EVO, * All versions of 21.4-EVO, * All versions of 22.2-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO.
An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.
CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
A buffer overflow vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.
A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability demonstrates high real-world exploitability.
CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.
