Search Results (45958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62496 2 Quickjs-ng, Quickjs Project 2 Quickjs, Quickjs 2025-10-28 8.8 High
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) required to store the BigInt using the formula: $$\text{n\_bits} = (\text{n\_digits} \times 27 + 7) / 8 \quad (\text{for radix 10})$$ * For large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\text{n\_digits} \times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an Integer Overflow. * The resulting n_bits value becomes unexpectedly small or even negative due to this wrap-around. * This flawed n_bits is then used to compute n_limbs, the number of memory "limbs" needed for the BigInt object. Since n_bits is too small, the calculated n_limbs is also significantly underestimated. * The function proceeds to allocate a JSBigInt object using this underestimated n_limbs. * When the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a Heap Out-of-Bounds Write as data is written past the end of the allocated r->tab array.
CVE-2025-60341 1 Tenda 2 Ac6, Ac6 Firmware 2025-10-28 7.5 High
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60340 1 Tenda 2 Ac6, Ac6 Firmware 2025-10-28 7.5 High
Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.
CVE-2025-8049 1 Opentext 1 Flipper 2025-10-28 8.8 High
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2.
CVE-2025-8053 1 Opentext 1 Flipper 2025-10-28 9.1 Critical
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2.
CVE-2022-23460 1 Hjiang 1 Json\+\+ 2025-10-28 5.9 Medium
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.
CVE-2025-62579 2 Delta Electronics, Deltaww 2 Asdasoft, Asda Soft 2025-10-28 7.8 High
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-62580 2 Delta Electronics, Deltaww 2 Asdasoft, Asda Soft 2025-10-28 7.8 High
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-60566 2 D-link, Dlink 3 Dir-600l, Dir-600l, Dir-600l Firmware 2025-10-28 7.5 High
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
CVE-2024-30051 1 Microsoft 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more 2025-10-28 7.8 High
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-49138 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2025-10-28 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36033 1 Microsoft 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more 2025-10-28 7.8 High
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36036 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2025-10-28 7.8 High
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-28252 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2025-10-28 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-20699 1 Cisco 8 Rv340, Rv340 Firmware, Rv340w and 5 more 2025-10-28 10 Critical
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20700 1 Cisco 18 Rv160, Rv160 Firmware, Rv160w and 15 more 2025-10-28 10 Critical
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20701 1 Cisco 8 Rv340, Rv340 Firmware, Rv340w and 5 more 2025-10-28 10 Critical
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20703 1 Cisco 18 Rv160, Rv160 Firmware, Rv160w and 15 more 2025-10-28 10 Critical
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20708 1 Cisco 8 Rv340, Rv340 Firmware, Rv340w and 5 more 2025-10-28 10 Critical
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-3118 1 Cisco 37 Asr 9000, Asr 9000v, Asr 9001 and 34 more 2025-10-28 8.8 High
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).