Total
12951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45690 | 1 Hutool | 1 Hutool | 2025-09-12 | 7.5 High |
| A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | ||||
| CVE-2025-9389 | 1 Vim | 1 Vim | 2025-09-12 | 3.3 Low |
| A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on". | ||||
| CVE-2025-54245 | 1 Adobe | 1 Substance 3d Viewer | 2025-09-12 | 7.8 High |
| Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-6035 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2025-09-12 | 6.6 Medium |
| A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. | ||||
| CVE-2025-47206 | 1 Qnap | 1 File Station | 2025-09-12 | 8.1 High |
| An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later | ||||
| CVE-2025-9300 | 1 Libsixel Project | 1 Libsixel | 2025-09-12 | 5.3 Medium |
| A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue. | ||||
| CVE-2025-21034 | 1 Samsung | 4 Android, Mobile, Samsung and 1 more | 2025-09-11 | 4 Medium |
| Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. | ||||
| CVE-2025-9175 | 1 Neurobin | 1 Shc | 2025-09-11 | 5.3 Medium |
| A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | ||||
| CVE-2025-9001 | 1 Lemonos | 2 Http Client, Lemonos | 2025-09-11 | 5.3 Medium |
| A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9019 | 2 Appneta, Broadcom | 2 Tcpreplay, Tcpreplay | 2025-09-11 | 3.1 Low |
| A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | ||||
| CVE-2025-57807 | 1 Imagemagick | 1 Imagemagick | 2025-09-10 | 3.8 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | ||||
| CVE-2023-6693 | 3 Fedoraproject, Qemu, Redhat | 4 Fedora, Qemu, Advanced Virtualization and 1 more | 2025-09-10 | 4.9 Medium |
| A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | ||||
| CVE-2025-30376 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-24063 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30388 | 1 Microsoft | 17 Office, Office Long Term Servicing Channel, Windows 10 1507 and 14 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29963 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-10 | 8.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29962 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 8.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29840 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-09-10 | 8.8 High |
| Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29979 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-10 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-29967 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-10 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | ||||