Search Results (45977 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-56394 1 Free5gc 1 Free5gc 2025-10-08 7.5 High
Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
CVE-2025-51005 2 Appneta, Broadcom 2 Tcpreplay, Tcpreplay 2025-10-08 7.5 High
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service.
CVE-2025-5099 1 Dynamixsoftware 1 Printershare 2025-10-08 9.8 Critical
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
CVE-2024-46718 1 Linux 1 Linux Kernel 2025-10-08 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned (to 1G) VRAM chunk. v2: - Always use 2M pages for last chunk (Fei Yang) - break loop when 2M pages are used - Add assert for usable_size being 2M aligned v3: - Fix checkpatch
CVE-2024-36468 1 Zabbix 1 Zabbix 2025-10-08 3 Low
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.
CVE-2025-53406 1 Qnap 2 Qts, Quts Hero 2025-10-08 6.5 Medium
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
CVE-2025-53407 1 Qnap 2 Qts, Quts Hero 2025-10-08 6.5 Medium
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
CVE-2025-10225 2 Axxonsoft, Microsoft 2 Axxon One, Windows 2025-10-08 7.5 High
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering memory reallocation errors when handling expired session keys.
CVE-2025-25528 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2025-10-07 5.1 Medium
Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any authorization verification.
CVE-2025-59362 1 Squid-cache 1 Squid 2025-10-07 4 Medium
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
CVE-2025-60660 1 Tenda 2 Ac18, Ac18 Firmware 2025-10-07 7.5 High
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60662 1 Tenda 2 Ac18, Ac18 Firmware 2025-10-07 7.5 High
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60663 1 Tenda 2 Ac18, Ac18 Firmware 2025-10-07 7.5 High
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.
CVE-2025-60661 1 Tenda 2 Ac18, Ac18 Firmware 2025-10-07 5.3 Medium
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.
CVE-2025-23012 1 Fedorarepository 1 Fcrepo 2025-10-07 7.5 High
Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVE-2024-41026 1 Linux 1 Linux Kernel 2025-10-07 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of transmitted bytes to sgm->length.
CVE-2025-61587 1 Weblate 1 Weblate 2025-10-07 6.1 Medium
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an attacker-controlled site. The redirect can also be used to initiate drive-by downloads (redirecting to a URL that serves a malicious file), increasing the risk to end users. This issue is fixed in version 5.13.3.
CVE-2025-61691 1 Keyence 1 Vt Studio 2025-10-07 7.8 High
VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
CVE-2024-45552 1 Qualcomm 292 Apq8064au, Apq8064au Firmware, Fastconnect 6200 and 289 more 2025-10-06 8.2 High
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.
CVE-2024-45551 1 Qualcomm 484 Aqt1000, Aqt1000 Firmware, Ar8035 and 481 more 2025-10-06 6.2 Medium
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.