Search Results (46051 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40536 1 Szlbt 2 Lbt-t300-t400, Lbt-t300-t400 Firmware 2025-08-20 5.3 Medium
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function.
CVE-2024-40535 1 Szlbt 2 Lbt-t300-t400, Lbt-t300-t400 Firmware 2025-08-20 9.8 Critical
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function.
CVE-2024-39181 1 Szlbt 2 Lbt-t300-t400, Lbt-t300-t400 Firmware 2025-08-20 6.5 Medium
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-28446 1 Szlbt 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware 2025-08-20 5.7 Medium
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.
CVE-2024-32324 1 Szlbt 2 Lbt-t300-t400, Lbt-t300-t400 Firmware 2025-08-20 7.8 High
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program.
CVE-2025-7061 1 Intelbras 2 Incontrol, Incontrol Web 2025-08-20 2.7 Low
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-46785 1 Zoom 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more 2025-08-19 6.5 Medium
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-8962 2 Code-projects, Fabian 2 Hotel Management System, Hostel Management System 2025-08-19 5.3 Medium
A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-8940 1 Tenda 2 Ac20, Ac20 Firmware 2025-08-19 8.8 High
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8939 1 Tenda 2 Ac20, Ac20 Firmware 2025-08-19 8.8 High
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25175 1 Siemens 1 Simcenter Femap 2025-08-19 7.8 High
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)
CVE-2023-4458 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-08-19 4 Medium
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.
CVE-2024-45556 1 Qualcomm 121 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 118 more 2025-08-19 6.5 Medium
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
CVE-2025-2634 1 Ni 1 Labview 2025-08-19 7.8 High
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CVE-2025-2633 1 Ni 1 Labview 2025-08-19 7.8 High
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CVE-2025-29931 1 Siemens 1 Telecontrol Server Basic 2025-08-19 3.7 Low
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
CVE-2025-21457 2 Google, Qualcomm 32 Android, Ar8035, Ar8035 Firmware and 29 more 2025-08-19 6.1 Medium
Information disclosure while opening a fastrpc session when domain is not sanitized.
CVE-2025-1433 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2025-08-19 7.8 High
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-27071 1 Qualcomm 69 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 66 more 2025-08-19 7.3 High
Memory corruption while processing specific files in Powerline Communication Firmware.
CVE-2025-3277 2 Redhat, Sqlite 2 Enterprise Linux, Sqlite 2025-08-18 9.8 Critical
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.