PT-2025-23975 · Tenda · Tenda Ch22

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical vulnerability was found in Tenda CH22, affecting the formNatlimit function of the file /goform/Natlimit. The manipulation of the page argument leads to a stack-based buffer overflow. It is...

PT-2025-23871 · Tenda · Tenda Ch22

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical issue has been found in the Tenda CH22, affecting the formaddUserName function of the file /goform/addUserName. The manipulation of the Password argument leads to a stack-based buffer overflo...

CVE-2025-5527

A vulnerability was found in Tenda RX3 16.03.13.11multiTDE01. It has been rated as critical. This issue affects the function savestaticroutedata of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-5527

The CVE-2025-5527 entry concerns Tenda RX3 with build 16.03.13.11_multi_TDE01. A vulnerability exists in the function save_staticroute_data of the file /goform/SetStaticRouteCfg where manipulation of the argument list (list) causes a stack-based buffer overflow. The issue can be exploited remotel...

CVE-2025-5527 Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow

A vulnerability was found in Tenda RX3 16.03.13.11multiTDE01. It has been rated as critical. This issue affects the function savestaticroutedata of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-5527 Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow

A vulnerability was found in Tenda RX3 16.03.13.11multiTDE01. It has been rated as critical. This issue affects the function savestaticroutedata of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-5503

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack...

CVE-2025-5503 TOTOLINK X15 formMapReboot stack-based overflow

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack...

CVE-2025-5503

CVE-2025-5503 affects TOTOLINK X15 with firmware 1.0.0-B20230714.1105. The issue resides in the /boafrm/formMapReboot function; manipulating the deviceMacAddr argument leads to a stack-based buffer overflow, enabling remote execution of code. A public exploit is disclosed, and the vendor did not ...

PT-2025-23875 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical vulnerability affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the arguments dip address and sip address leads to a stack-based buffer overflow...

CVE-2025-5297

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...

CVE-2025-5297 SourceCodester Computer Store System main.c Add stack-based overflow

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...

CVE-2025-5297 SourceCodester Computer Store System main.c Add stack-based overflow

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...

(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

CVE-2025-48796

A flaw was found in GIMP. The GIMP aniloadimage function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

CVE-2025-5228

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

CVE-2025-5228

The CVE-2025-5228 affects D-Link DI-8100 up to version 20250523. The vulnerability is in the jhttpd component’s httpd_get_parm function, where manipulating the notify argument in /login.cgi leads to a stack-based buffer overflow. This can be exploited by an attacker within the local network, and ...

CVE-2025-5215

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...