Buffer Overflow


A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

The excess data overwrites whatever data or code sits in the adjacent region, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment
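As an added example (not code from the page or from any product it lists), the bounds-checking item from the mitigation list applied to a constructed record whose fixed-size field sits next to a security-critical flag, the layout behind the "authentication bypass" impact above. It also shows the caveat that swapping strcpy for strncpy does not by itself guarantee a NUL terminator; the struct, field size and inputs are all made up for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size name field immediately followed by a
 * security-critical flag. Sizes and inputs are invented for this example. */
#define NAME_LEN 8

struct login {
    char name[NAME_LEN];   /* fixed-size buffer */
    int  is_admin;         /* adjacent state an overflow would clobber */
};

enum copy_result { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_NOT_TERMINATED = 2 };

/* Length of s without ever reading more than max bytes of it. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* "strncpy instead of strcpy", as the mitigation list suggests. The write stays
 * inside name[], so is_admin can no longer be overwritten, but strncpy adds no
 * terminator when the source has NAME_LEN or more characters; a later strlen()
 * or printf("%s") on name then reads past the field into is_admin and beyond. */
enum copy_result set_name_strncpy(struct login *l, const char *src)
{
    strncpy(l->name, src, NAME_LEN);
    return l->name[NAME_LEN - 1] == '\0' ? COPY_OK : COPY_NOT_TERMINATED;
}

/* Bounds-checked version: measure the input first, refuse anything that cannot
 * fit together with its terminator, then copy exactly that many bytes and
 * terminate explicitly. Rejected input leaves the record untouched. */
enum copy_result set_name_checked(struct login *l, const char *src)
{
    size_t n = bounded_len(src, NAME_LEN);
    if (n >= NAME_LEN)            /* no room for the '\0': reject, don't truncate */
        return COPY_TOO_LONG;
    memcpy(l->name, src, n);
    l->name[n] = '\0';
    return COPY_OK;
}

/* Scenario: zero the record, attempt the checked copy with `input`, and report
 * whether the adjacent flag survived unchanged (1 = intact, 0 = corrupted). */
int checked_copy_keeps_flag(const char *input)
{
    struct login l;
    memset(&l, 0, sizeof l);
    set_name_checked(&l, input);
    return l.is_admin == 0;
}

int main(void)
{
    struct login l;
    memset(&l, 0, sizeof l);

    printf("strncpy, 8 chars : %d (2 = left unterminated)\n",
           set_name_strncpy(&l, "12345678"));
    printf("checked, 8 chars : %d (1 = rejected)\n",
           set_name_checked(&l, "12345678"));
    printf("checked, 7 chars : %d (0 = ok)\n",
           set_name_checked(&l, "1234567"));
    /* name is guaranteed terminated only after the checked copy succeeded */
    printf("name = \"%s\", is_admin = %d\n", l.name, l.is_admin);
    return 0;
}
```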

Recent CVEs (5395)

EPSS 1% | CVSS 8.8 | HIGH | POC | This Week

CVE-2025-6336 is a critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter in the /boafrm/formTmultiAP endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability has been disclosed; exploitation requires valid credentials but no user interaction.

Tags: Buffer Overflow, TP-Link, RCE (+2 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 8.8 | HIGH | This Week

CVE-2025-6334 is a critical stack-based buffer overflow vulnerability in D-Link DIR-867 1.0 routers, affecting the Query String Handler's strncpy function implementation. Remote attackers with low privileges can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has documented public exploits available, affects end-of-life hardware no longer receiving vendor support, and carries a high CVSS 3.1 score of 8.8.

Tags: Buffer Overflow, D-Link, RCE (+2 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 8.8 | HIGH | POC | This Week

A critical stack-based buffer overflow vulnerability exists in D-Link DIR-815 firmware version 1.01 within the hedwig.cgi module (function sub_403794), allowing remote attackers with low privilege access to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability may be actively exploited in the wild, making this a high-priority remediation target.

Tags: Buffer Overflow, D-Link, RCE (+1 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 5.5 | MEDIUM | PATCH | This Month

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send an oversized control message buffer to the kernel driver, resulting in a system crash.

Tags: Buffer Overflow, Heap Overflow, Ovpn Dco Win. Sources: NVD.

EPSS 0% | CVSS 8.8 | HIGH | POC | This Week

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

Tags: Buffer Overflow, TP-Link, Ex1200t Firmware (+1 more). Sources: NVD, VulDB.

EPSS 0% | CVSS 8.8 | HIGH | POC | This Week

CVE-2025-6292 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 routers (version 2.03 and potentially others) that allows authenticated attackers to execute arbitrary code remotely via malformed HTTP POST requests to the vulnerable HTTP POST Request Handler function. The vulnerability affects end-of-life products no longer receiving security updates from D-Link, and public exploit code has been disclosed, increasing real-world exploitation risk despite requiring valid credentials.

Tags: Buffer Overflow, D-Link, RCE (+2 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 8.8 | HIGH | POC | This Week

CVE-2025-6291 is a critical stack-based buffer overflow vulnerability in D-Link DIR-825 firmware version 2.03, exploitable via HTTP POST requests to the do_file function. An authenticated attacker can achieve complete system compromise (confidentiality, integrity, and availability violations) remotely without user interaction. Public exploit code exists and the affected product is end-of-life with no vendor support, elevating real-world risk despite the authentication requirement.

Tags: Buffer Overflow, D-Link, RCE (+1 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 3.3 | LOW | POC | PATCH | Monitor

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Tags: Buffer Overflow, Denial Of Service, Ubuntu (+1 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 3.3 | LOW | POC | Monitor

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Tags: Buffer Overflow. Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 3.3 | LOW | POC | PATCH | Monitor

A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Tags: Buffer Overflow, Ubuntu, Debian. Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 5.3 | MEDIUM | POC | PATCH | This Month

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Tags: Buffer Overflow, Ubuntu, Debian (+3 more). Sources: NVD, GitHub, VulDB.

EPSS 0% | CVSS 5.3 | MEDIUM | POC | PATCH | This Month

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Tags: Buffer Overflow, Ubuntu, Debian (+3 more). Sources: NVD, VulDB, GitHub.

EPSS 0% | CVSS 8.8 | HIGH | PATCH | This Week

High-severity integer overflow vulnerability in the V8 JavaScript engine within Google Chrome that enables out-of-bounds memory access through a maliciously crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link, visiting a page) with no special privileges needed. Successful exploitation allows attackers to read sensitive data, modify content, or crash the browser with a CVSS score of 8.8.

Tags: Buffer Overflow, Google, Integer Overflow (+3 more). Sources: NVD.

EPSS 1% | CVSS 9.8 | CRITICAL | PATCH | Act Now

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Tags: Buffer Overflow, RCE, Denial Of Service (+2 more). Sources: NVD.

EPSS 0% | CVSS 5.3 | MEDIUM | PATCH | This Month

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.

Tags: Buffer Overflow, Information Disclosure, Denial Of Service (+6 more). Sources: NVD.

EPSS 0% | CVSS 7.5 | HIGH | PATCH | This Week

Cloudflare quiche, a QUIC protocol implementation, contains a congestion control vulnerability (CVE-2025-4821) where an unauthenticated remote attacker can manipulate ACK frames to artificially inflate the congestion window beyond safe limits, causing excessive data transmission rates and potential denial of service through integer overflow panics. The vulnerability affects quiche versions prior to 0.24.4. While the CVSS score is 7.5 (high severity with network attack vector and no privileges required), real-world exploitation requires completing a QUIC handshake and active manipulation, limiting opportunistic exploitation.

Tags: Buffer Overflow, Quiche. Sources: NVD, GitHub.

EPSS 0% | CVSS 7.8 | HIGH | POC | This Week

A buffer overflow vulnerability (CVSS 7.8) that allows a local attacker. Risk factors: public PoC available.

Tags: Buffer Overflow, Denial Of Service, Open5gs. Sources: NVD, GitHub.

EPSS 0% | CVSS 7.1 | HIGH | POC | This Week

Buffer overflow vulnerability in the PFCP (Packet Forwarding Control Protocol) library used by open5gs 2.7.2 and earlier. The vulnerability exists in the `ogs_pfcp_dev_add` function due to missing length validation on the `session.dev` field, allowing a local attacker with low privileges to cause a buffer overflow that can result in information disclosure, integrity compromise, or denial of service. The vulnerability has not been reported as actively exploited in the wild (no KEV status indicated), but the low attack complexity and local attack vector make it a practical concern for compromised or insider threat scenarios.

Tags: Buffer Overflow, Open5gs. Sources: NVD, GitHub.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

Heap buffer out-of-bounds read vulnerability in the ARM64 NEON implementation of the Linux kernel's Poly1305 cryptographic authenticator. The vulnerability allows local attackers with low privileges to read sensitive memory beyond buffer boundaries, potentially leading to information disclosure or denial of service. A proof-of-concept exists demonstrating reproducible exploitation through crafted input to the crypto subsystem.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

CVE-2022-50221 is an out-of-bounds memory access vulnerability in the Linux kernel's DRM framebuffer helper subsystem, specifically in the deferred I/O damage handling mechanism. An attacker with local privileges can trigger an out-of-bounds read/write by exploiting page boundary misalignment in the fbdev screen buffer, potentially leading to information disclosure or denial of service. The vulnerability affects Linux kernel versions prior to patches addressing the drm/fb-helper module; no public evidence of active exploitation or POC availability has been confirmed, though the CVSS 7.1 score reflects moderate-to-high severity due to local privilege requirement.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

Heap buffer out-of-bounds read vulnerability in the Linux kernel's RAID10 module (raid10_remove_disk function) triggered during LVM raid reshape operations. A local attacker with low privileges can crash the system or potentially leak sensitive kernel memory by exploiting invalid array indexing during disk removal in RAID10 configurations. The vulnerability affects Linux kernels through 5.19.0-rc6 and requires local access; no active exploitation in the wild has been documented, but the issue was identified through routine KASAN testing.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

Boundary check bypass vulnerability in the Linux kernel's SELinux subsystem, specifically in the put_entry() function, allowing out-of-bounds memory read access. On affected Linux kernel versions prior to the fix, exploitation requires local user-level access and enables attackers to read sensitive kernel memory and potentially crash the system (denial of service). This vulnerability was not widely exploited in the wild at disclosure but represents a real local privilege escalation risk in multi-tenant environments and shared systems.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

A buffer overflow vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

CVE-2022-50182 is an out-of-bounds read vulnerability in the Linux kernel's imx-jpeg media driver that occurs when buffer sizes are not properly aligned upwards during JPEG encoding and decoding operations. The vulnerability affects Linux kernel versions with the vulnerable imx-jpeg driver on ARM-based systems (NXP i.MX processors), allowing local authenticated users to read sensitive kernel memory or cause a denial of service. While the CVSS score is 7.1 (high), real-world exploitation requires local access and process-level privileges, limiting the immediate threat surface.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 5.5 | MEDIUM | PATCH | This Month

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix potential 32-bit overflow when accessing ARRAY map element

If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places.

Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.

Tags: Buffer Overflow, Integer Overflow, Linux (+5 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Buffer overflow vulnerability in the Linux kernel's CP2112 HID driver that allows a local attacker with user-level privileges to overwrite kernel memory by providing a maliciously crafted read_length value (0-255) to the cp2112_xfer() function. The vulnerability affects systems with the vulnerable CP2112 driver compiled into the kernel, enabling memory corruption that could lead to code execution or denial of service. While not listed as actively exploited in CISA KEV at time of analysis, the local attack vector and ease of exploitation present moderate real-world risk for systems with CP2112 devices or driver loaded.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

CVE-2022-50147 is an out-of-bounds memory read vulnerability in the Linux kernel's memory policy subsystem (mm/mempolicy) where the get_nodes() function fails to properly validate user-supplied node counts, allowing a local attacker with low privileges to read sensitive kernel memory or trigger a denial of service. The vulnerability affects Linux kernel versions prior to the fix and requires local access; while not known to be actively exploited in the wild, the high CVSS score of 7.1 and exploitability from low-privileged users makes it a significant risk for multi-tenant systems and shared hosting environments.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

A buffer overflow vulnerability exists in the Linux kernel's HID MCP2221 driver in the mcp_smbus_write() function, where user-controlled SMBus data length values (0-255 bytes) are not properly validated before being copied into fixed-size buffers (59 bytes), allowing a local attacker with unprivileged access to overwrite kernel memory and potentially achieve code execution or denial of service. The vulnerability has a CVSS score of 7.8 (High) with local attack vector requiring low privileges.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 5.5 | MEDIUM | PATCH | This Month

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable

commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") added a new function "pmi_irq_pending" in hw_irq.h. This function is to check if there is a PMI marked as pending in Paca (PACA_IRQ_PMI). This is used in power_pmu_disable in a WARN_ON. The intention here is to provide a warning if there is PMI pending, but no counter is found overflown.

During some of the perf runs, below warning is hit:

WARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0
Modules linked in:
-----
NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0
LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0
Call Trace:
[c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)
[c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60
[c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100
[c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240
[c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140
[c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0
[c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300
[c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100
[c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40
[c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250
[c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0
[c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0
[c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80
[c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0
[c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140
[c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8
[c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0
[c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220

This means that there is no PMC overflown among the active events in the PMU, but there is a PMU pending in Paca. The function "any_pmc_overflown" checks the PMCs on active events in cpuhw->n_events. Code snippet:

<<>>
if (any_pmc_overflown(cpuhw))
    clear_pmi_irq_pending();
else
    WARN_ON(pmi_irq_pending());
<<>>

Here the PMC overflown is not from active event. Example: When we do perf record, default cycles and instructions will be running on PMC6 and PMC5 respectively. It could happen that overflowed event is currently not active and pending PMI is for the inactive event. Debug logs from trace_printk:

<<>>
any_pmc_overflown: idx is 5: pmc value is 0xd9a
power_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011
<<>>

Here active PMC (from idx) is PMC5, but overflown PMC is PMC6 (0x80002011). When we handle PMI interrupt for such cases, if the PMC overflown is from inactive event, it will be ignored. Reference commit: commit bc09c219b2e6 ("powerpc/perf: Fix finding overflowed PMC in interrupt")

Patch addresses two changes:

1) Fix 1: Removal of warning ( WARN_ON(pmi_irq_pending()); )
We were printing warning if no PMC is found overflown among active PMU events, but PMI pending in PACA. But this could happen in cases where PMC overflown is not in active PMC. An inactive event could have caused the overflow. Hence the warning is not needed. To know pending PMI is from an inactive event, we need to loop through all PMC's which will cause more SPR reads via mfspr and increase in context switch. Also in existing function: perf_event_interrupt, already we ignore PMI's overflown when it is from an inactive PMC.

2) Fix 2: optimization in clearing pending PMI.
Currently we check for any active PMC overflown before clearing PMI pending in Paca. This is causing additional SP ---truncated---

Tags: Buffer Overflow, Linux, Ubuntu (+4 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Local privilege escalation vulnerability in the Linux kernel's vt8623fb framebuffer driver where improper validation of user-supplied screen size parameters allows writing beyond allocated memory boundaries via memset_io(). A local attacker with unprivileged user access can trigger a heap overflow through the FB_SET_VAR ioctl, potentially achieving arbitrary kernel code execution or denial of service. The vulnerability affects the framebuffer subsystem across multiple Linux distributions and requires local access to exploit, making it a moderate-to-high severity issue for multi-user systems.

Tags: Linux, Buffer Overflow, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Local privilege escalation vulnerability in the Linux kernel's arkfb (Ark Logic framebuffer) driver where improper validation of user-supplied screen size parameters in arkfb_set_par() allows local attackers with user-level privileges to write beyond allocated memory boundaries via memset_io(), potentially achieving code execution or denial of service. The vulnerability affects Linux kernel versions with vulnerable arkfb driver code and requires local access; no evidence of active exploitation in the wild or public POC availability was identified at analysis time.

Tags: Linux, Buffer Overflow, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Local privilege escalation vulnerability in the Linux kernel's s3fb framebuffer driver where improper input validation in the s3fb_set_par() function allows a local attacker with low privileges to write beyond allocated memory boundaries via memset_io(), potentially causing kernel panic or code execution. The vulnerability affects Linux kernel versions with the vulnerable s3fb driver and requires local access with user-level privileges to exploit.

Tags: Linux, Buffer Overflow, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

CVE-2022-50094 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Buffer over-read vulnerability in the Linux kernel's Device Mapper (dm) RAID subsystem that occurs during raid_resume operations when mddev->raid_disks exceeds rs->raid_disks, causing a kernel address sanitizer warning and potential information disclosure or denial of service. The vulnerability affects Linux kernel versions implementing dm-raid functionality and requires local access with standard user privileges to trigger. While not known to be actively exploited in the wild, the high CVSS score (7.8) reflects the potential for privilege escalation and system compromise on affected systems.

Tags: Linux, Buffer Overflow, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

CVE-2022-50066 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Potential buffer overflow vulnerability in the Linux kernel's ASoC Intel AVS audio driver caused by improper use of snprintf() instead of scnprintf(). While the vulnerability has a high CVSS score of 7.8 (local privilege escalation), the actual exploitability is low because the overflow scenario is acknowledged as 'unrealistic' in the kernel patch. The vulnerability affects Linux kernel versions with the Intel AVS audio subsystem and requires local access with non-root privileges to exploit.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Buffer overflow vulnerability in the Linux kernel's ASoC SOF (Sound Open Firmware) debug subsystem caused by improper use of snprintf() which can return values exceeding the buffer size, potentially enabling local privilege escalation. The vulnerability affects Linux kernel versions with the vulnerable ASoC SOF debug code and requires local access with limited privileges to exploit. While the CVSS score is 7.8 (high severity), the practical exploitability is considered low as the buffer overflow condition is described as 'unrealistic' and requires specific debug code paths to be triggered.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Buffer overflow vulnerability in the Linux kernel's ASoC SOF Intel HDA driver caused by improper use of snprintf() instead of scnprintf(). An attacker with local access and low privileges could potentially trigger a buffer overflow condition through manipulation of audio subsystem parameters, leading to information disclosure, code execution, or denial of service. While the vulnerability is rated CVSS 7.8 (high), the practical exploitability is considered low as it requires specific conditions and local access, with no known active exploitation or public POC at the time of disclosure.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Buffer overflow vulnerability in the Linux kernel's DSA SJA1105 driver that occurs when dsa_devlink_region_create() fails during initialization, causing the priv->regions array to be accessed with a negative index (-1). This affects Linux kernel versions containing the vulnerable sja1105_setup_devlink_regions() function and requires local access with limited privileges to trigger. While not known to be actively exploited in the wild (KEV status not confirmed), the CVSS 7.8 High severity score reflects significant local impact potential including information disclosure and denial of service.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

A buffer overflow vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

CVE-2022-50026 is an out-of-bounds shift vulnerability in the Linux kernel's habanalabs/gaudi driver that occurs when validating NIC queues due to improper offset calculation logic. The vulnerability affects Linux kernel versions with the habanalabs Gaudi accelerator driver and requires local access with limited privileges to exploit. An authenticated local attacker can trigger an out-of-bounds memory access leading to information disclosure (confidentiality impact) and potential denial of service (availability impact), with a CVSS score of 7.1 indicating high severity.

Tags: Buffer Overflow, Linux, Linux Kernel (+2 more). Sources: NVD.

EPSS 0% | CVSS 5.5 | MEDIUM | PATCH | This Month

CVE-2022-49993 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Tags: Buffer Overflow, Linux, Ubuntu (+4 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

Heap buffer overflow vulnerability in the Linux kernel's BPF JIT compiler that allows a local, unprivileged user to read out-of-bounds memory and cause a denial of service. The vulnerability stems from improper range checking of array indices using imprecise tnum (tristate number) representations instead of concrete scalar values, enabling potential information disclosure and crash of the kernel. This affects Linux kernel versions prior to the fix and requires local access with unprivileged user privileges to exploit.

Tags: Buffer Overflow, Linux, Denial Of Service (+3 more). Sources: NVD.

EPSS 0% | CVSS 5.5 | MEDIUM | PATCH | This Month

CVE-2022-49963 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Tags: Microsoft, Buffer Overflow, Linux (+6 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Memory corruption vulnerability in the Linux kernel's fastrpc driver that occurs during device probe when the devicetree defines more sessions than the FASTRPC_MAX_SESSIONS compile-time limit. An attacker with local access and low privileges can trigger out-of-bounds memory writes to the fixed-size session array, potentially achieving information disclosure, privilege escalation, or denial of service. The vulnerability requires malicious or misconfigured devicetree configuration and is not known to be actively exploited in the wild, but represents a real risk in systems with untrusted device configuration sources.

Tags: Buffer Overflow, Memory Corruption, Linux (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.8 | HIGH | PATCH | This Week

Memory corruption vulnerability in the Linux kernel's fastrpc (Fast RPC) subsystem that allows a local, low-privileged attacker to corrupt kernel memory and potentially achieve privilege escalation or denial of service. The vulnerability exists in the session allocation logic where an off-by-one error in the overflow check causes the session counter to be incremented even when no sessions remain available, enabling out-of-bounds writes to a fixed-size slab-allocated array during fastrpc_session_alloc() calls on device open. This affects Linux kernel versions prior to the patch, with CVSS 7.8 (High) indicating significant local privilege escalation risk; exploitation requires local file system access to /dev/fastrpc-* device nodes.

Tags: Buffer Overflow, Memory Corruption, Linux (+3 more). Sources: NVD.

EPSS 0% | CVSS 7.1 | HIGH | PATCH | This Week

Use-after-free / out-of-bounds memory access vulnerability in the Linux kernel's virtual terminal (vt) subsystem triggered when changing console fonts via the KDFONTOP ioctl. An unprivileged local attacker with console access can crash the kernel or potentially achieve information disclosure by exploiting improper selection buffer handling during font size changes. The vulnerability requires local access and user-level privileges, making it a moderate-to-high-risk issue affecting kernel versions prior to the fix.

Buffer Overflow Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds memory read vulnerability in the Linux kernel's Broadcom Raspberry Pi clock driver (clk-bcm-rpi) caused by unsafe assumptions about firmware-provided data structures. The vulnerability affects Raspberry Pi systems running vulnerable Linux kernel versions and allows a local attacker with user-level privileges to read sensitive kernel memory, potentially leading to information disclosure or denial of service. This is a kernel-level vulnerability requiring local access, with moderate real-world risk due to the local attack vector requirement.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux kernel vulnerability in the gpio-fan hwmon driver that fails to validate cooling state parameters before using them as array indices, enabling an out-of-bounds memory access. Local privileged users (PR:L) can trigger kernel panics or information disclosure by writing arbitrary cooling state values to the thermal device sysfs interface. This vulnerability has a CVSS score of 7.1 with high impact on confidentiality and availability; while not listed as actively exploited in CISA KEV, the straightforward nature of the vulnerability (direct array indexing without bounds checking) makes it a practical local DoS/info leak vector.

Buffer Overflow Linux Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-38082 is an out-of-bounds write vulnerability in the Linux kernel's gpio-virtuser driver that occurs when input exceeds buffer capacity, potentially allowing a local attacker with limited privileges to corrupt kernel memory and achieve privilege escalation or denial of service. The vulnerability affects Linux kernel versions with the vulnerable gpio-virtuser implementation; while not currently listed in CISA KEV, the CVSS 7.8 score and local attack vector indicate moderate real-world risk requiring timely patching.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A register out-of-bounds access vulnerability in the Linux kernel's spi-rockchip driver allows local attackers with low privileges to cause a denial of service and potentially leak sensitive information. The vulnerability occurs when the driver attempts to write native chip select configuration for GPIO-based chip selects, which can have numerically higher GPIO indices than native CS pins support, causing writes to invalid memory regions. This is a local privilege escalation concern affecting systems using Rockchip SPI controllers with GPIO chip selects.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) driver in the current_password_store() function, where an empty string input causes an out-of-bounds array access via index underflow (length - 1 when length equals zero). A local, low-privilege attacker can exploit this to achieve read/write memory corruption, potentially leading to privilege escalation or denial of service. This vulnerability is not currently listed in the CISA KEV catalog and requires local access with unprivileged user privileges.

Buffer Overflow Linux Dell +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overrun vulnerability exists in the Linux kernel's LZO compression implementation (crypto/lzo) where the compression code fails to validate output buffer boundaries before writing data, unlike the decompression counterpart. This allows a local attacker with low privileges to trigger a heap/stack buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all Linux kernel versions using the vulnerable LZO compression code path in cryptographic operations.

Buffer Overflow Linux Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Fuji Electric Smart Editor contains an out-of-bounds write vulnerability (CWE-787) that allows local attackers with user-level privileges to execute arbitrary code by crafting malicious input files. The vulnerability affects Smart Editor with a CVSS score of 7.8 (high severity), requiring user interaction (opening a malicious file) but no elevated privileges. Without confirmed KEV, EPSS, or public POC data in the provided intelligence, the real-world exploitation likelihood should be assessed as moderate-to-high given the local attack vector and file-based interaction model typical of engineering software.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow vulnerability in Fuji Electric Smart Editor that allows unauthenticated local attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious file) but does not require elevated privileges. While the CVSS score of 7.8 reflects high severity, real-world risk depends on KEV status, EPSS score, and public exploit availability, which are not provided in the source data.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-32412 is an out-of-bounds read vulnerability in Fuji Electric Smart Editor that permits arbitrary code execution through a local attack vector requiring user interaction. The vulnerability affects Fuji Electric Smart Editor across affected versions and is classified as high-severity with a CVSS score of 7.8. While no KEV or active exploitation is confirmed in the provided data, the local attack vector combined with user interaction requirement and high impact (confidentiality, integrity, availability) makes this a significant concern for organizations using this industrial automation software.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A buffer overflow vulnerability in llama.cpp (CVSS 8.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Buffer Overflow RCE Llama.Cpp +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Heap-based buffer overflow vulnerability in PRJ file parsing that allows local attackers with user interaction to achieve high-impact memory corruption, potentially leading to arbitrary code execution or information disclosure. The vulnerability stems from insufficient validation of user-supplied data within PRJ file structures, enabling attackers to read and write past allocated buffer boundaries. No current KEV status or active exploitation data is available in public records, but the local attack vector and requirement for user interaction (file opening) suggest moderate real-world risk despite the high CVSS score.

Buffer Overflow Heap Overflow Memory Corruption
NVD
EPSS 0% CVSS 8.4
HIGH This Week

CVE-2025-49849 is an out-of-bounds read vulnerability in PRJ file parsing that enables memory corruption through insufficient validation of user-supplied data. The vulnerability affects applications processing PRJ files (commonly associated with project management software) and allows local attackers with user interaction to read and write beyond allocated memory boundaries, potentially leading to information disclosure or code execution. While the CVSS score is moderately high (8.4), real-world exploitability depends on KEV status and active exploitation reports, which are not currently documented in available intelligence.

Buffer Overflow Information Disclosure Memory Corruption
NVD
EPSS 0% CVSS 8.4
HIGH This Week

CVE-2025-49848 is an out-of-bounds write vulnerability in PRJ file parsing that allows unauthenticated local attackers with user interaction to corrupt memory and potentially achieve arbitrary code execution or application crash. The vulnerability stems from insufficient input validation when processing PRJ files, enabling attackers to read and write past allocated buffer boundaries. While no public exploit code or active in-the-wild exploitation has been confirmed at analysis time, the high CVSS score (8.4) and critical impact ratings (confidentiality, integrity, availability all HIGH) indicate this requires prioritized patching.

Buffer Overflow Memory Corruption Denial Of Service
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-49180 is an integer overflow vulnerability in the RandR (Resize and Rotate) X11 extension's RRChangeProviderProperty function that fails to properly validate input parameters. This allows a local, unprivileged attacker to trigger memory allocation failures or heap corruption, potentially leading to privilege escalation or denial of service on X11-based systems. The vulnerability requires local access and low privileges to exploit, making it a significant risk for multi-user systems and shared computing environments.

Buffer Overflow Redhat Suse
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

CVE-2025-49179 is an integer overflow vulnerability in the X Record extension's RecordSanityCheckRegisterClients function that allows authenticated local users to bypass request length validation checks. This flaw enables privilege escalation and potential code execution on affected X11 systems. With a CVSS score of 7.3 and requiring local access with low privileges, this poses a moderate-to-high risk for multi-user systems; exploitation status and POC availability have not been confirmed in public disclosures as of analysis time.

Buffer Overflow Redhat Suse
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Buffer Overflow Information Disclosure Ubuntu +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.

Buffer Overflow TP-Link A3002r Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the HTTP POST request handler (function sub_AC78) of D-Link DIR-665 firmware version 1.00, exploitable remotely by authenticated attackers. The vulnerability allows remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit code is available and the affected product line is no longer maintained by D-Link, significantly elevating real-world risk despite requiring low-privilege authentication.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 8.2
HIGH POC This Week

Buffer overflow vulnerability in TP-Link TL-WR940N V4 and TL-WR841N V11 routers, exploitable remotely through the /userRpm/WanSlaacCfgRpm.htm endpoint. An attacker with high privileges can trigger memory corruption leading to availability impact (denial of service) or potential system compromise. This vulnerability affects end-of-life products no longer receiving vendor support, significantly limiting remediation options.

Buffer Overflow TP-Link Tl Wr940n Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an active threat to deployed devices.

Buffer Overflow TP-Link A3002r Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this vulnerability remotely by manipulating the submit-url parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, significantly elevating real-world exploitation risk.

Buffer Overflow TP-Link Remote Code Execution +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to a stack-based buffer overflow. The attack must be carried out locally. Upgrading to version 6.5-20250329 addresses this issue. It is recommended to upgrade the affected component.

Buffer Overflow Ubuntu Debian
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link T10 Firmware +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 2.5
LOW POC PATCH Monitor

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Buffer Overflow Stack Overflow
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link Ex1200t Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Memory corruption in libxml2's processing of schematron sch:name elements allows remote attackers to trigger crashes or potentially execute code via maliciously crafted XML files. Affects widespread deployments including Red Hat Enterprise Linux 7-10, OpenShift Container Platform 4.12-4.20, Ubuntu, and Debian distributions. CVSS 9.1 critical severity with network-exploitable vector requiring no authentication. Publicly available exploit code exists (POC confirmed). EPSS score of 0.49% suggests relatively low observed exploitation attempts despite critical rating. Not listed in CISA KEV, indicating no confirmed mass exploitation campaigns at time of analysis. Vendor patches available across all affected Red Hat products with specific versions documented.

Buffer Overflow Information Disclosure Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.

Buffer Overflow D-Link RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Buffer Overflow Ubuntu Debian +3
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Buffer Overflow Denial Of Service Ubuntu +4
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow vulnerability in the Apache NuttX RTOS xmlrpc example application where device statistics structures use hardcoded buffer sizes that do not account for the CONFIG_XMLRPC_STRINGSIZE configuration parameter, allowing remote attackers to overflow memory without authentication. This affects Apache NuttX RTOS versions 6.22 through 12.8.x, with a critical CVSS score of 9.8 indicating high severity across confidentiality, integrity, and availability. The vulnerability is particularly dangerous because developers may have copied the vulnerable example code into production implementations, extending the attack surface beyond the example application itself.

Buffer Overflow Apache Nuttx
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A buffer overflow vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow Heap Overflow Apache +2
NVD GitHub
Page 37 of 60

Quick Facts

Typical Severity: HIGH
Category: memory
Total CVEs: 5395
