CVE-2025-3409

CVE-2025-3409 affects the Nothings stb library up to f056911, specifically the function stb_include_string. The vulnerability arises from manipulating the path_to_includes argument, causing a stack-based buffer overflow that can be exploited remotely. The project uses stb without versioning, and ...

CVE-2025-3409 Nothings stb stb_include_string stack-based overflow

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...

CVE-2025-3409

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...

PT-2025-17260 · D Link · D-Link Dwr-M961

Name of the Vulnerable Software and Affected Versions: D-Link DWR-M961 version 1.1.36 Description: A critical vulnerability has been found in the Authorization Interface component of the D-Link DWR-M961, affecting the file /boafrm/formStaticDHCP. The manipulation of the Hostname argument leads to...

PT-2025-15352 · Unknown +1 · Nothings Stb +1

Name of the Vulnerable Software and Affected Versions: Nothings stb up to f056911 Description: A critical vulnerability has been found in Nothings stb, affecting the stb include string function. The manipulation of the path to includes argument leads to a stack-based buffer overflow. This issue c...

Adobe FrameMaker 2020 < 16.0.8 (2020.0.8) / Adobe FrameMaker 2022 < 17.0.6 (2022.0.6) Multiple Vulnerabilities (APSB25-33)

The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2020 16.0.8 / Adobe FrameMaker 2022 17.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb25-33 advisory. - Out-of-bounds Write CWE-787 potentially leading to...

PT-2025-17391 · Tenda · Tenda I24 +1

Name of the Vulnerable Software and Affected Versions: Tenda W12 and i24 versions 3.0.0.42887 through 3.0.0.53644 Description: A critical vulnerability was found in the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the arguments hostIp1 and hostIp2 leads to a stack-bas...

CVE-2025-3266

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3259

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

MGASA-2025-0127 Updated corosync packages fix security vulnerability

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...

Updated corosync packages fix security vulnerability

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...

CVE-2025-3166

A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function searchitem of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to...

CVE-2025-3161

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2025-3266

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3259 Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-3259

CVE-2025-3259 affects Tenda RX3 (version 16.03.13.11). The vulnerability lies in the formSetDeviceName function of /goform/SetOnlineDevName, where manipulating the devName argument triggers a stack-based buffer overflow. It is network-exploitable with low attack complexity and requires low privil...

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...