Buffer Overflow
Monthly
Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.
An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.
A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.
A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.
A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Local buffer overflow in River Past Cam Do 3.7.6's activation code field enables arbitrary code execution with SYSTEM privileges through specially crafted 608-byte input followed by shellcode and SEH chain overwrite. While exploitation requires local access and a publicly available exploit exists (Exploit-DB 46670), EPSS score of 0.01% indicates minimal real-world exploitation activity. The vulnerability affects a legacy multimedia application with no confirmed vendor patch, making it primarily relevant for environments still running this discontinued software.
Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.
Android-ImageMagick7 versions prior to 7.1.2-11 are vulnerable to integer overflow that allows local attackers with user interaction to cause a denial of service condition. The vulnerability requires local access and user interaction to trigger, making it a lower-risk but still exploitable flaw in image processing operations. A patch is available for affected installations.
Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.
This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.
RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve code execution, data theft, or system compromise with minimal user interaction. The flaw stems from improper memory bounds checking and carries a high CVSS score of 8.8 with network-based attack vectors. A patch is available to address this critical memory safety issue.
RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.
Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.
WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.
RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.
Out-of-bounds read in woof before version 15.3.0 allows remote attackers to trigger information disclosure and denial of service without authentication or user interaction. This critical vulnerability affects Debian systems and can be exploited over the network to leak sensitive data or crash the application. A patch is available and should be applied immediately.
Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.
Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.
Integer overflow in the Expat XML parser module within InsightSoftwareConsortium ITK before version 2.7.1 allows remote attackers to cause denial of service or potentially execute arbitrary code through specially crafted XML input. The vulnerability affects all users of vulnerable ITK versions and requires only network access and user interaction to exploit. A patch is available in ITK 2.7.1 and later.
A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers to achieve arbitrary code execution or cause denial of service through specially crafted compressed data. The vulnerability requires user interaction to trigger but has a network attack vector with no authentication needed. A patch is available and should be applied immediately to affected GDAL installations.
A buffer overflow vulnerability in Modizer before v4.3 allows remote attackers to execute arbitrary code with high privileges by sending specially crafted input that bypasses memory boundary restrictions in the IMAP module. The network-accessible flaw requires minimal user interaction and affects the integrated libopenmpt curl library. A patch is available and should be applied immediately given the critical severity and confirmed attack vector.
Out-of-bounds read in Furnace before version 0.7 allows local attackers to read sensitive memory contents through a crafted FLAC file processed by the modified libsndfile module. This vulnerability could enable information disclosure or potentially facilitate further exploitation of the audio processing application.
Integer overflow in ART's rtengine dcraw.C module before version 1.25.12 allows local attackers with user interaction to achieve high-impact compromise of confidentiality, integrity, and availability. This vulnerability requires local access and user interaction to trigger, making it exploitable primarily through malicious image files or project files opened by victims.
Mod_gnutls, a TLS module for Apache HTTPD, contains a stack-based buffer overflow vulnerability in its client certificate verification code. Versions prior to 0.12.3 and 0.13.0 fail to validate the length of client-provided certificate chains before writing pointers to a fixed-size array, typically causing segmentation faults (denial of service) and theoretically enabling stack corruption. Only configurations explicitly requiring client certificate verification are affected; default configurations using 'GnuTLSClientVerify ignore' are not vulnerable.
Out-of-bounds memory write in Google Chrome's font handling prior to version 146.0.7680.165 enables remote code execution when users visit malicious HTML pages. An unauthenticated attacker can exploit an integer overflow vulnerability to achieve complete system compromise with high integrity and confidentiality impact. Patches are available for Chrome and affected Debian systems.
This vulnerability is an out-of-bounds memory read flaw in the WebAudio API implementation within Google Chrome prior to version 146.0.7680.165. A remote attacker can craft a malicious HTML page to trigger the vulnerability and read sensitive memory contents, leading to information disclosure. Although no CVSS score or EPSS data is provided, the Chromium security severity is rated as High, and the vulnerability affects all users of vulnerable Chrome versions until patching.
Google Chrome's WebGL implementation contains a heap buffer overflow that enables remote attackers to read arbitrary memory by serving a specially crafted HTML page to users prior to version 146.0.7680.165. This network-based vulnerability requires only user interaction and affects Chrome on all platforms, granting attackers access to sensitive data in the browser's memory. A patch is available and should be applied immediately given the high severity and potential for exploitation.
Out of bounds memory read in Google Chrome's CSS parser prior to version 146.0.7680.165 allows remote attackers to access sensitive memory contents through a malicious HTML page. The vulnerability requires user interaction and affects Chrome on multiple platforms including Debian systems, enabling attackers to potentially leak confidential data with high impact on confidentiality and integrity.
Unauthenticated remote attackers can exploit a heap buffer overflow in Google Chrome's WebAudio component (versions prior to 146.0.7680.165) by hosting malicious HTML pages that trigger out-of-bounds memory writes. This vulnerability enables arbitrary code execution with full system compromise potential. A patch is available from Google and Debian.
Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the `ggml_nbytes` function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.
FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.
A security vulnerability in An incomplete fix for CVE-2024-47778 (CVSS 5.1) that allows an out-of-bounds read. Remediation should follow standard vulnerability management procedures.
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.
A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.
Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.
Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve complete system compromise through manipulation of the webpage parameter in the formWISP5G function. Public exploit code exists for this vulnerability and the vendor has not provided patches or responded to disclosure attempts. An attacker with network access can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
XnSoft NConvert version 7.230 contains a stack buffer overflow vulnerability triggered by specially crafted TIFF files, allowing an attacker to overwrite stack memory and potentially execute arbitrary code or cause denial of service. The vulnerability affects the image conversion functionality of NConvert, a widely-used command-line image conversion tool. A proof-of-concept exploit has been documented on GitHub (PassMoon/Nconvert_Vul), indicating public awareness and potential active exploitation risk.
Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.
Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.
Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.
Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.
A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.
A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.
An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.
A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.
A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.
A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Local buffer overflow in River Past Cam Do 3.7.6's activation code field enables arbitrary code execution with SYSTEM privileges through specially crafted 608-byte input followed by shellcode and SEH chain overwrite. While exploitation requires local access and a publicly available exploit exists (Exploit-DB 46670), EPSS score of 0.01% indicates minimal real-world exploitation activity. The vulnerability affects a legacy multimedia application with no confirmed vendor patch, making it primarily relevant for environments still running this discontinued software.
Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.
Android-ImageMagick7 versions prior to 7.1.2-11 are vulnerable to integer overflow that allows local attackers with user interaction to cause a denial of service condition. The vulnerability requires local access and user interaction to trigger, making it a lower-risk but still exploitable flaw in image processing operations. A patch is available for affected installations.
Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.
This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.
RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve code execution, data theft, or system compromise with minimal user interaction. The flaw stems from improper memory bounds checking and carries a high CVSS score of 8.8 with network-based attack vectors. A patch is available to address this critical memory safety issue.
RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.
Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.
WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.
RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.
Out-of-bounds read in woof before version 15.3.0 allows remote attackers to trigger information disclosure and denial of service without authentication or user interaction. This critical vulnerability affects Debian systems and can be exploited over the network to leak sensitive data or crash the application. A patch is available and should be applied immediately.
Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.
Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.
Integer overflow in the Expat XML parser module within InsightSoftwareConsortium ITK before version 2.7.1 allows remote attackers to cause denial of service or potentially execute arbitrary code through specially crafted XML input. The vulnerability affects all users of vulnerable ITK versions and requires only network access and user interaction to exploit. A patch is available in ITK 2.7.1 and later.
A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers to achieve arbitrary code execution or cause denial of service through specially crafted compressed data. The vulnerability requires user interaction to trigger but has a network attack vector with no authentication needed. A patch is available and should be applied immediately to affected GDAL installations.
A buffer overflow vulnerability in Modizer before v4.3 allows remote attackers to execute arbitrary code with high privileges by sending specially crafted input that bypasses memory boundary restrictions in the IMAP module. The network-accessible flaw requires minimal user interaction and affects the integrated libopenmpt curl library. A patch is available and should be applied immediately given the critical severity and confirmed attack vector.
Out-of-bounds read in Furnace before version 0.7 allows local attackers to read sensitive memory contents through a crafted FLAC file processed by the modified libsndfile module. This vulnerability could enable information disclosure or potentially facilitate further exploitation of the audio processing application.
Integer overflow in ART's rtengine dcraw.C module before version 1.25.12 allows local attackers with user interaction to achieve high-impact compromise of confidentiality, integrity, and availability. This vulnerability requires local access and user interaction to trigger, making it exploitable primarily through malicious image files or project files opened by victims.
Mod_gnutls, a TLS module for Apache HTTPD, contains a stack-based buffer overflow vulnerability in its client certificate verification code. Versions prior to 0.12.3 and 0.13.0 fail to validate the length of client-provided certificate chains before writing pointers to a fixed-size array, typically causing segmentation faults (denial of service) and theoretically enabling stack corruption. Only configurations explicitly requiring client certificate verification are affected; default configurations using 'GnuTLSClientVerify ignore' are not vulnerable.
Out-of-bounds memory write in Google Chrome's font handling prior to version 146.0.7680.165 enables remote code execution when users visit malicious HTML pages. An unauthenticated attacker can exploit an integer overflow vulnerability to achieve complete system compromise with high integrity and confidentiality impact. Patches are available for Chrome and affected Debian systems.
This vulnerability is an out-of-bounds memory read flaw in the WebAudio API implementation within Google Chrome prior to version 146.0.7680.165. A remote attacker can craft a malicious HTML page to trigger the vulnerability and read sensitive memory contents, leading to information disclosure. Although no CVSS score or EPSS data is provided, the Chromium security severity is rated as High, and the vulnerability affects all users of vulnerable Chrome versions until patching.
Google Chrome's WebGL implementation contains a heap buffer overflow that enables remote attackers to read arbitrary memory by serving a specially crafted HTML page to users prior to version 146.0.7680.165. This network-based vulnerability requires only user interaction and affects Chrome on all platforms, granting attackers access to sensitive data in the browser's memory. A patch is available and should be applied immediately given the high severity and potential for exploitation.
Out of bounds memory read in Google Chrome's CSS parser prior to version 146.0.7680.165 allows remote attackers to access sensitive memory contents through a malicious HTML page. The vulnerability requires user interaction and affects Chrome on multiple platforms including Debian systems, enabling attackers to potentially leak confidential data with high impact on confidentiality and integrity.
Unauthenticated remote attackers can exploit a heap buffer overflow in Google Chrome's WebAudio component (versions prior to 146.0.7680.165) by hosting malicious HTML pages that trigger out-of-bounds memory writes. This vulnerability enables arbitrary code execution with full system compromise potential. A patch is available from Google and Debian.
Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the `ggml_nbytes` function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.
FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.
A security vulnerability in An incomplete fix for CVE-2024-47778 (CVSS 5.1) that allows an out-of-bounds read. Remediation should follow standard vulnerability management procedures.
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.
A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.
Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.
Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve complete system compromise through manipulation of the webpage parameter in the formWISP5G function. Public exploit code exists for this vulnerability and the vendor has not provided patches or responded to disclosure attempts. An attacker with network access can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
XnSoft NConvert version 7.230 contains a stack buffer overflow vulnerability triggered by specially crafted TIFF files, allowing an attacker to overwrite stack memory and potentially execute arbitrary code or cause denial of service. The vulnerability affects the image conversion functionality of NConvert, a widely-used command-line image conversion tool. A proof-of-concept exploit has been documented on GitHub (PassMoon/Nconvert_Vul), indicating public awareness and potential active exploitation risk.
Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.
Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.
Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.
Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.
A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.
A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.