Export limit exceeded: 10005 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21019 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29046 | 1 Alfa | 2 Wifi Camppro, Wifi Camppro Firmware | 2025-04-30 | 9.8 Critical |
| Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value | ||||
| CVE-2025-29047 | 1 Alfa | 2 Wifi Camppro, Wifi Camppro Firmware | 2025-04-30 | 9.8 Critical |
| Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser | ||||
| CVE-2024-20259 | 1 Cisco | 98 Catalyst 9100, Catalyst 9105, Catalyst 9105ax and 95 more | 2025-04-30 | 8.6 High |
| A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. | ||||
| CVE-2022-40662 | 1 Nikon | 1 Nis-elements Viewer | 2025-04-30 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351. | ||||
| CVE-2022-44204 | 1 Dlink | 2 Dir-3060, Dir-3060 Firmware | 2025-04-30 | 9.8 Critical |
| D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. | ||||
| CVE-2025-45427 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-30 | 9.8 Critical |
| In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||||
| CVE-2022-0324 | 1 Linuxfoundation | 1 Software For Open Networking In The Cloud | 2025-04-30 | 8.1 High |
| There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. | ||||
| CVE-2024-27570 | 1 Libtor | 2 Lbt-t300-t390, Lbt-t300-t390 Firmware | 2025-04-30 | 7.5 High |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27572 | 2 Libtor, Szlbt | 3 Lbt-t300-t390, Lbt-t300-t390 Firmware, Lbt-t300-t390 Firmware | 2025-04-30 | 7.5 High |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27571 | 1 Libtor | 2 Lbt-t300-t390, Lbt-t300-t390 Firmware | 2025-04-30 | 7.5 High |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27569 | 2 Libtor, Szlbt | 3 Lbt-t300-t390, Lbt-t300-t390 Firmware, Lbt-t300-t390 Firmware | 2025-04-30 | 6.5 Medium |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27568 | 1 Libtor | 2 Lbt-t300-t390, Lbt-t300-t390 Firmware | 2025-04-30 | 6.5 Medium |
| LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-27567 | 2 Libtor, Szlbt | 3 Lbt-t300-t390, Lbt-t300-t390 Firmware, Lbt-t300-t390 Firmware | 2025-04-30 | 6.5 Medium |
| LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2021-33897 | 1 Synthesiagame | 1 Synthesia | 2025-04-29 | 5.5 Medium |
| A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. | ||||
| CVE-2025-3379 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.3 High |
| A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3680 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.3 High |
| A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LANG Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3763 | 1 Razormist | 1 Phone Management System | 2025-04-29 | 5.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. This affects the function main of the component Password Handler. The manipulation of the argument s leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3683 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.3 High |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component SIZE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3682 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.3 High |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3681 | 1 Pcman | 1 Ftp Server | 2025-04-29 | 7.3 High |
| A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MODE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||