Buffer Overflow

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request.

A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.

Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26985.

CVE-2025-6660 is a heap-based buffer overflow vulnerability in PDF-XChange Editor's GIF file parsing engine that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious GIF files or visit compromised web pages hosting malicious GIFs, requiring user interaction for exploitation. The flaw stems from inadequate validation of user-supplied data lengths before copying to fixed-length buffers, allowing attackers to overwrite heap memory and execute arbitrary code in the application's context.

CVE-2025-6659 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that allows remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects PDF-XChange Editor users who open malicious PRC files or visit compromised websites, requiring user interaction but no special privileges. While the vulnerability demonstrates significant local exploitation potential, real-world risk depends on KEV/CISA status, EPSS probability data, and proof-of-concept availability, which would indicate active threat actor interest.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26733.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26732.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26731.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26730.

CVE-2025-6654 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor installations when users open malicious PRC files or visit compromised web pages, allowing attackers to execute arbitrary code in the application's context. The vulnerability (formerly tracked as ZDI-CAN-26729) requires user interaction but poses significant risk due to the ubiquity of PDF applications and the high impact of code execution.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26726.

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26724.

CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26712.

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26709.

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26671.

CVE-2025-6647 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's U3D file parsing engine that enables remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects users who open malicious PDF files or embedded U3D objects, requiring only user interaction to exploit. This is a memory corruption flaw in a widely-used PDF editor with moderate attack complexity, making it a practical threat to enterprise environments handling untrusted documents.

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26532.

CVE-2025-6642 is a critical out-of-bounds read vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with user interaction. The vulnerability affects PDF-XChange Editor across multiple versions and stems from improper validation of U3D file data structures, enabling attackers to read beyond allocated memory boundaries and execute arbitrary code in the application's context. While this vulnerability currently shows a CVSS 7.8 score indicating high severity, real-world exploitation requires user interaction (opening a malicious PDF or visiting a malicious page), moderating immediate organizational risk.

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26528.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-5830 is a heap-based buffer overflow vulnerability in Autel MaxiCharger AC Wallbox Commercial EV chargers affecting the DLB_SlaveRegister message handler. Network-adjacent attackers can execute arbitrary code without authentication due to insufficient input validation on user-supplied data length before copying to a fixed-length buffer. This is a critical vulnerability affecting critical infrastructure (EV charging stations) with a CVSS score of 8.8 and high real-world exploitability due to the unauthenticated, network-adjacent attack vector.

Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26330.

Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26328.

CVE-2025-5827 is a stack-based buffer overflow vulnerability in the ble_process_esp32_msg function of Autel MaxiCharger AC Wallbox Commercial EV chargers that allows unauthenticated, network-adjacent attackers to execute arbitrary code with high impact. The vulnerability results from insufficient validation of user-supplied data length before copying to a fixed-size stack buffer, affecting commercial EV charging infrastructure without requiring authentication or user interaction.

CVE-2025-6617 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the /goform/formAdvanceSetup endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'webpage' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impacts). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

A stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetWAN_Wizard51 function's handling of the curTime parameter. An authenticated attacker can exploit this remotely to achieve complete system compromise (confidentiality, integrity, and availability), and the exploit has been publicly disclosed with no vendor patches available since the product is end-of-life.

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

CVE-2025-6615 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formAutoDetecWAN_wizard4 function. An authenticated remote attacker can exploit improper handling of the 'curTime' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

CVE-2025-6614 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the WAN configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads to integer overflow. The attack needs to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVE-2024-51979 is a stack-based buffer overflow vulnerability affecting authenticated users of printing and web services that process malformed HTTP/HTTPS requests with oversized Referer headers. An authenticated attacker with high privileges can exploit this flaw by sending a specially crafted request containing an empty Origin header and a Referer header with a host value exceeding 64 bytes, potentially achieving remote code execution or denial of service. The vulnerability affects services on TCP ports 80 (HTTP), 443 (HTTPS), and 631 (IPP/printing protocol), with a CVSS 7.2 score indicating high severity, though exploitation requires prior authentication.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison check in the sftp_handle function that allows authenticated remote attackers to access memory beyond the valid handle list and retrieve invalid pointers for further processing. This vulnerability enables exposure of sensitive information or denial of service, with a CVSS score of 8.1 indicating high severity. The vulnerability requires authentication and network access but has high confidentiality and availability impact.

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6565 is a critical stack-based buffer overflow vulnerability in Netgear WNCE3001 v1.0.0.50 affecting the HTTP POST request handler's Host parameter processing. An authenticated attacker can remotely exploit this to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploitation code exists, elevating immediate risk.

CVE-2025-6436 is a collection of memory safety vulnerabilities in Firefox and Thunderbird versions 139 that demonstrate evidence of memory corruption with potential for arbitrary code execution. The vulnerability affects Firefox < 140 and Thunderbird < 140, and requires network access but moderate attack complexity. While no active exploitation in the wild has been confirmed, the high CVSS score of 8.1 and memory corruption evidence indicate this is a critical patch requiring immediate deployment.

CVE-2025-52568 is a critical memory safety vulnerability in NeKernal (an open-source OS stack) prior to version 0.0.3 that enables memory corruption, disk image corruption, denial of service, and potential code execution through unchecked memory operations and unsafe typecasting. The vulnerability is remotely exploitable with no authentication or user interaction required (CVSS 8.8, AV:N/AC:L). All users running NeKernal versions before 0.0.3 are affected and should immediately upgrade to the patched version.

CVE-2025-52566 is a signed vs. unsigned integer overflow vulnerability in llama.cpp's tokenizer (llama_vocab::tokenize function) that enables heap buffer overflow during text tokenization. This affects all versions of llama.cpp prior to b5721, and attackers can trigger the vulnerability with specially crafted text input during the inference process, potentially achieving code execution with high confidentiality, integrity, and availability impact. The vulnerability requires local access and user interaction but has a high CVSS score of 8.6; KEV status and active exploitation data are not currently available, but the patch exists in version b5721.

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-6511 is a critical stack-based buffer overflow vulnerability in Netgear EX6150 (version 1.0.0.46_1.0.76) affecting the sub_410090 function, allowing authenticated attackers to achieve remote code execution with high integrity, confidentiality, and availability impact. The vulnerability is publicly disclosed with proof-of-concept code available, and impacts only end-of-life products no longer receiving vendor support, elevating real-world exploitation risk for unpatched legacy deployments.

CVE-2025-6510 is a critical stack-based buffer overflow vulnerability in Netgear EX6100 WiFi extender (version 1.0.2.28_1.1.138) affecting the sub_415EF8 function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and availability impact. The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

CVE-2025-52939 is an out-of-bounds write vulnerability in the Lua interpreter modules (ldebug.c, lvm.c) bundled with NotepadNext through version 0.11, allowing local attackers without privileges to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. With a CVSS score of 9.4 and local attack vector requiring no user interaction, this represents a critical local privilege escalation and code execution risk; KEV status and active exploitation data are not confirmed in available intelligence, but the high CVSS and presence of affected interpreter code suggest this warrants immediate patching.

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

CVE-2025-6487 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formRoute function's subnet parameter processing. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be treated as actively exploitable.

CVE-2025-6486 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formWlanMultipleAP function. An authenticated remote attacker can exploit this via manipulation of the 'submit-url' parameter to achieve code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, increasing real-world exploitation risk.

CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the IPv6 setup HTTP POST handler. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code exists for this vulnerability, increasing real-world exploitation risk.

CVE-2025-6400 is a critical buffer overflow vulnerability in TOTOLINK N300RH router firmware version 6.1c.1390_B20191101, exploitable via HTTP POST requests to the /boafrm/formPortFw endpoint through manipulation of the service_type parameter. An authenticated attacker can remotely trigger this vulnerability to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk due to disclosed POC and remote exploitability from an authenticated state.

CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting models A702R, A3002R, A3002RU, and EX1200T across multiple firmware versions. An authenticated attacker can exploit this vulnerability by manipulating the 'submit-url' parameter in requests to /boafrm/formIPv6Addr to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The exploit has been publicly disclosed and may be actively exploited in the wild.

CVE-2025-6374 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01, affecting the formSetACLFilter function's curTime parameter. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this end-of-life product, making it an immediate concern for organizations still operating legacy D-Link equipment.

A remote code execution vulnerability (CVSS 7.5) that allows network-adjacent attackers. High severity vulnerability requiring prompt remediation. Vendor patch is available.

A remote code execution vulnerability (CVSS 7.5) that allows network-adjacent attackers. High severity vulnerability requiring prompt remediation. Vendor patch is available.

CVE-2025-6373 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formSetWizard1 function via the /goform/formWlSiteSurvey endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the affected product is end-of-life with no vendor support.

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-6371 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01 affecting the formSetEnableWizard function. An authenticated remote attacker can exploit this vulnerability by manipulating the 'curTime' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation has been publicly disclosed with proof-of-concept available, and this vulnerability only affects end-of-life products no longer receiving vendor support.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-6369 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L v2.06B01 affecting the /goform/formdumpeasysetup endpoint. An authenticated remote attacker can exploit improper input validation of the curTime or config.save_network_enabled parameters to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the affected product is end-of-life with no vendor support available.

A critical stack-based buffer overflow vulnerability exists in D-Link DIR-619L firmware version 2.06B01, affecting the formSetEmail function via the curTime and config.smtp_email_subject parameters. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code has been disclosed, and the affected product is end-of-life with no vendor support available.

CVE-2025-6367 is a critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the /goform/formSetDomainFilter endpoint. An authenticated remote attacker can exploit improper input validation on the curTime, sched_name_%d, and url_%d parameters to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and affects end-of-life hardware no longer receiving vendor support.

A remote code execution vulnerability in COROS PACE 3 (CVSS 9.1). Risk factors: public PoC available.

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404. An authenticated attacker can exploit the 'submit-url' parameter in the /boafrm/formTmultiAP HTTP POST handler to achieve remote code execution with complete system compromise (confidentiality, integrity, and availability). Public exploit code exists and the vulnerability is exploitable over the network with low complexity.

CVE-2025-6336 is a critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter in the /boafrm/formTmultiAP endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability has been disclosed; exploitation requires valid credentials but no user interaction.

CVE-2025-6334 is a critical stack-based buffer overflow vulnerability in D-Link DIR-867 1.0 routers, affecting the Query String Handler's strncpy function implementation. Remote attackers with low privileges can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has documented public exploits available, affects end-of-life hardware no longer receiving vendor support, and carries a high CVSS 3.1 score of 8.8.

A critical stack-based buffer overflow vulnerability exists in D-Link DIR-815 firmware version 1.01 within the hedwig.cgi module (function sub_403794), allowing remote attackers with low privilege access to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability may be actively exploited in the wild, making this a high-priority remediation target.

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

CVE-2025-6292 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 routers (version 2.03 and potentially others) that allows authenticated attackers to execute arbitrary code remotely via malformed HTTP POST requests to the vulnerable HTTP POST Request Handler function. The vulnerability affects end-of-life products no longer receiving security updates from D-Link, and public exploit code has been disclosed, increasing real-world exploitation risk despite requiring valid credentials.

CVE-2025-6291 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 firmware version 2.03, exploitable via HTTP POST requests to the do_file function. An authenticated attacker can achieve complete system compromise (confidentiality, integrity, and availability violations) remotely without user interaction. Public exploit code exists and the affected product is end-of-life with no vendor support, elevating real-world risk despite authentication requirement.

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

High-severity integer overflow vulnerability in the V8 JavaScript engine within Google Chrome that enables out-of-bounds memory access through a maliciously crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link, visiting a page) with no special privileges needed. Successful exploitation allows attackers to read sensitive data, modify content, or crash the browser with a CVSS score of 8.8.

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

Cloudflare quiche, a QUIC protocol implementation, contains a congestion control vulnerability (CVE-2025-4821) where an unauthenticated remote attacker can manipulate ACK frames to artificially inflate the congestion window beyond safe limits, causing excessive data transmission rates and potential denial of service through integer overflow panics. The vulnerability affects quiche versions prior to 0.24.4. While the CVSS score is 7.5 (high severity with network attack vector and no privileges required), real-world exploitation requires completing a QUIC handshake and active manipulation, limiting opportunistic exploitation.