168 matches found
CVE-2025-55117
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...
CVE-2025-55117 BMC Control-M/Agent buffer overflow in SSL/TLS communication
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...
CVE-2025-9702
A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /salesreport.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-9688
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...
CVE-2025-9688 Mupen64Plus is_viewer.c write_is_viewer integer overflow
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...
The vulnerability of the formL2TPSetup() function (/goform/formL2TPSetup) of the Belkin F9K1122 Wi-Fi range extender software allows a intruder to trigger a service failure.
The vulnerability of the formL2TPSetup function /goform/formL2TPSetup of the Belkin F9K1122 Wi-Fi range extender software is caused by buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
The vulnerability of the request processing function in TOTOLINK A702R router microprogramming software allows a intruder to trigger a service failure.
The vulnerability of the request processing function in TOTOLINK A702R router microprogramming systems lies in the issue of the operation exceeding the buffer boundaries in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious actor to cause service...
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system lies in the absence of a reference to an active, allocated resource. This allows attackers to trigger a service failure.
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system lies in the absence of a reference to an active, allocated resource. Exploiting this vulnerability could allow a malicious actor, operating remotely, to trigger a service failure using a specially create...
The vulnerability of the sub_41619C() function in NETGEAR EX3700 router microprogramming software allows a hacker to induce a service failure.
The vulnerability of the sub41619C function in NETGEAR EX3700 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted GET request remotely...
CVE-2023-37015
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Path Switch Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
PT-2025-11308
Name of the Vulnerable Software and Affected Versions: EDK2 affected versions not specified Description: The issue is related to an Integer Overflow or Wraparound in the BIOS of EDK2, which can be triggered by a user through network means. A successful exploitation of this issue may lead to a...
PT-2025-5349 · Unknown · Django-Unicorn
Name of the Vulnerable Software and Affected Versions: Django-Unicorn versions prior to 0.62.0 Description: The vulnerability arises from the core functionality set property value, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of the...
CVE-2023-37017
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an S1Setup Request message missing a required Global eNB ID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37007
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a Handover Cancel message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37009
Open5GS MME versions
CVE-2023-37013
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a sufficiently large ASN.1 packet over the S1AP interface. An attacker may repeatedly send such an oversized packet to cause the ogssctprecvmsg routine to reach an unexpected network state and crash, leading to...
CVE-2023-37012
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial UE Message message missing a required PLMN Identity field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37014
Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2023-37004
Open5GS MME versions = 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Response message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...
CVE-2024-38920
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a use-after-free via the nav2amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter/amcl maxbeams...