Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (5254)

CVE-2025-65403
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A buffer overflow in the g_cfg.MaxUsers component of LightFTP v2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Denial Of Service Buffer Overflow Lightftp
NVD GitHub
CVE-2025-26858
EPSS 0% CVSS 8.6
HIGH This Week

A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Denial Of Service Buffer Overflow Diris M 70 Firmware
NVD
CVE-2025-10101
EPSS 0% CVSS 8.1
HIGH This Week

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.

Heap Overflow Denial Of Service Buffer Overflow +2
NVD
CVE-2025-63523
EPSS 0% CVSS 6.5
MEDIUM POC This Month

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

Information Disclosure Buffer Overflow Feehicms
NVD GitHub
CVE-2025-12106
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

Buffer Overflow Ubuntu Debian +2
NVD
CVE-2025-41739
EPSS 0% CVSS 5.9
MEDIUM This Month

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.

Information Disclosure Denial Of Service Buffer Overflow
NVD
CVE-2025-66217
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

AIS-catcher is a multi-platform AIS receiver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow RCE +2
NVD GitHub
CVE-2025-66216
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

AIS-catcher is a multi-platform AIS receiver. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ais Catcher
NVD GitHub
CVE-2025-12183
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Java +3
NVD GitHub
CVE-2025-12143
EPSS 0% CVSS 6.9
MEDIUM This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
CVE-2025-58314
EPSS 0% CVSS 6.6
MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
CVE-2025-12758
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Validator
NVD GitHub
CVE-2025-66030
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Forge +1
NVD GitHub
CVE-2025-64344
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64333
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64332
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64331
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64330
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suricata +2
NVD GitHub
CVE-2025-64129
EPSS 0% CVSS 7.0
HIGH This Week

Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow
NVD GitHub
CVE-2025-63938
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Tinyproxy +1
NVD GitHub
CVE-2025-50402
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fac1200R Firmware
NVD GitHub
CVE-2025-50399
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fac1200R Firmware
NVD GitHub
CVE-2025-13601
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian +29
NVD
CVE-2025-13735
EPSS 0% CVSS 7.4
HIGH This Week

Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR Lapwing_Linux on Linux (nr_fw modules). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVE-2025-9558
EPSS 0% CVSS 7.6
HIGH This Week

There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVE-2025-9557
EPSS 0% CVSS 7.6
HIGH This Week

‭An out-of-bound write can lead to an arbitrary code execution. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE
NVD GitHub
CVE-2025-59820
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Redhat Suse
NVD
CVE-2025-64657
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD
CVE-2025-64656
EPSS 0% CVSS 9.4
CRITICAL Act Now

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Azure Application Gateway
NVD
CVE-2025-64713
EPSS 0% CVSS 5.1
MEDIUM POC This Month

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Webassembly Micro Runtime
NVD GitHub
CVE-2025-65085
EPSS 0% CVSS 8.4
HIGH This Week

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
CVE-2025-65084
EPSS 0% CVSS 8.4
HIGH This Week

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +5
NVD
CVE-2025-33195
EPSS 0% CVSS 4.4
MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia +1
NVD
CVE-2025-33190
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Nvidia +3
NVD
CVE-2025-33189
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +4
NVD
CVE-2025-64693
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft +2
NVD
CVE-2025-62691
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow RCE Buffer Overflow +2
NVD
CVE-2025-59365
EPSS 0% CVSS 6.9
MEDIUM This Month

A stack buffer overflow vulnerability has been identified in certain router models. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVE-2025-13502
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +3
NVD
CVE-2025-65018
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libpng +2
NVD GitHub
CVE-2025-64720
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-64506
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-64505
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-52538
EPSS 0% CVSS 8.0
HIGH This Week

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVE-2025-29933
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD
CVE-2025-52539
EPSS 0% CVSS 7.3
HIGH This Week

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality,. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVE-2025-12970
EPSS 0% CVSS 8.8
HIGH This Month

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fluent Bit +1
NVD
CVE-2025-13566
EPSS 0% CVSS 4.8
MEDIUM Monitor

A security vulnerability has been detected in jarun nnn up to 5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVE-2025-13553
EPSS 0% CVSS 7.4
HIGH POC This Month

A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dwr M920 Firmware
NVD GitHub VulDB
CVE-2025-13552
EPSS 0% CVSS 7.4
HIGH POC This Month

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
CVE-2025-13551
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
CVE-2025-13550
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
CVE-2025-13549
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware
NVD GitHub VulDB
CVE-2025-13548
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
CVE-2025-13547
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 822K Firmware +1
NVD GitHub VulDB
CVE-2025-11931
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Wolfssl
NVD GitHub
CVE-2025-65102
EPSS 0% CVSS 8.7
HIGH This Month

PJSIP is a free and open source multimedia communication library. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVE-2025-65092
EPSS 0% CVSS 6.9
MEDIUM This Month

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVE-2025-43374
EPSS 0% CVSS 4.3
MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Apple Buffer Overflow
NVD
CVE-2025-62608
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow +3
NVD GitHub
CVE-2025-62164
EPSS 0% CVSS 8.8
HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Vllm +3
NVD GitHub
CVE-2025-64524
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Apple Buffer Overflow RCE +3
NVD GitHub
CVE-2025-63889
EPSS 0% CVSS 7.5
HIGH This Month

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Buffer Overflow Information Disclosure +1
NVD GitHub
CVE-2025-65226
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVE-2025-65223
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
CVE-2025-65222
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
CVE-2025-65221
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
CVE-2025-65220
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Tenda Buffer Overflow +1
NVD GitHub
CVE-2025-40601
EPSS 0% CVSS 7.5
HIGH This Month

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +1
NVD
CVE-2025-13446
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVE-2025-13445
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac21 Firmware
NVD GitHub VulDB
CVE-2025-47914
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Crypto +2
NVD
CVE-2025-13400
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was detected in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ch22 Firmware
NVD GitHub VulDB
CVE-2025-12056
EPSS 0% CVSS 8.3
HIGH This Month

Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVE-2025-64076
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Buffer Overflow +4
NVD GitHub
CVE-2025-58413
EPSS 0% CVSS 7.5
HIGH This Month

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet +2
NVD
CVE-2025-53843
EPSS 0% CVSS 7.5
HIGH This Month

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet +1
NVD
CVE-2025-48839
EPSS 0% CVSS 6.6
MEDIUM This Month

An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
CVE-2025-46776
EPSS 0% CVSS 6.4
MEDIUM This Month

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Buffer Overflow Fortinet +1
NVD
CVE-2025-46373
EPSS 0% CVSS 7.8
HIGH This Month

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec. Rated high severity (CVSS 7.8). No vendor patch available.

Buffer Overflow RCE Microsoft +4
NVD
CVE-2025-63602
EPSS 0% CVSS 7.3
HIGH POC This Month

A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD
CVE-2025-10158
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Redhat Suse
NVD GitHub VulDB
CVE-2025-8727
EPSS 0% CVSS 7.2
HIGH This Month

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVE-2025-8404
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE
NVD
CVE-2025-8076
EPSS 0% CVSS 7.2
HIGH This Month

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow
NVD
CVE-2025-7623
EPSS 0% CVSS 5.4
MEDIUM This Month

Stack-based buffer overflow in the SMASH-CLP shell. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE
NVD
CVE-2025-36553
EPSS 0% CVSS 8.8
HIGH This Month

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow
NVD
CVE-2025-36463
EPSS 0% CVSS 7.3
HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVE-2025-36462
EPSS 0% CVSS 7.3
HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
CVE-2025-36461
EPSS 0% CVSS 7.3
HIGH This Month

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Broadcom
NVD
Prev Page 19 of 59 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
5254

Related CWEs

MITRE ATT&CK

References

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy