Search Results (45977 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9526 1 Linksys 2 E1700, E1700 Firmware 2025-10-09 8.8 High
A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9527 1 Linksys 2 E1700, E1700 Firmware 2025-10-09 8.8 High
A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-54365 1 Fastapi-guard 1 Fastapi Guard 2025-10-09 7.5 High
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2.
CVE-2024-9949 2 Forescout, Microsoft 2 Secureconnector, Windows 2025-10-09 6.1 Medium
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.
CVE-2025-29769 2 Debian, Libvips 2 Debian Linux, Libvips 2025-10-09 5.5 Medium
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1.
CVE-2023-36028 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2025-10-09 9.8 Critical
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-36042 1 Microsoft 2 Visual Studio 2019, Visual Studio 2022 2025-10-08 6.2 Medium
Visual Studio Denial of Service Vulnerability
CVE-2023-36392 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2025-10-08 7.5 High
DHCP Server Service Denial of Service Vulnerability
CVE-2023-36395 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-10-08 7.5 High
Windows Deployment Services Denial of Service Vulnerability
CVE-2023-36397 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-10-08 9.8 Critical
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36400 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2025-10-08 8.8 High
Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36401 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-10-08 7.2 High
Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36402 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-10-08 8.8 High
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36408 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2025-10-08 7.8 High
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36423 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-10-08 8.8 High
Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36425 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-10-08 8 High
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36428 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-10-08 5.5 Medium
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2025-48730 1 Qnap 2 Qts, Quts Hero 2025-10-08 6.5 Medium
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
CVE-2025-52429 1 Qnap 2 Qts, Quts Hero 2025-10-08 6.5 Medium
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
CVE-2025-10792 2 D-link, Dlink 3 Dir-513, Dir-513, Dir-513 Firmware 2025-10-08 8.8 High
A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.