CVE-2015-5524

An issue was discovered on Samsung mobile devices with KK4.4 and later software through 2015-05-13. There is a buffer overflow in datablockwrite because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 December 2015...

CVE-2017-16793

The wavconvert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service incorrect malloc and heap-based buffer overflow or possibly have unspecified other impact via a crafted file...

CVE-2018-17460

Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name...

CVE-2017-5028

Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2019-13545

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution...

CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14503)

FreeFloat FTP Server is an FTP service from Freefloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the component MLS Command Handler failing to properly validate the length size of input data, no details of the vulnerability are provided at this time...

CVE-2025-37947

CVE-2025-37947 affects ksmbd (Linux kernel SMBv3 server). Root cause: ksmbd_vfs_stream_write() could perform an out-of-bounds write when *pos >= v_len due to missing bounds check; patch adds a check to ensure *pos

GNU PSPP Buffer Overflow Vulnerability

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. GNU PSPP suffers from a buffer overflow vulnerability that stems from inflateread failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a...

Tenda AC10 formSetPPTPUserList Buffer Overflow Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router from Tenda China. The Tenda AC10 suffers from a buffer overflow vulnerability that originates from the formSetPPTPUserList handler failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary co...

TOTOLINK NR1800X setWiFiEasyGuestCfg Function Buffer Overflow Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Gion Electronics TOTOLINK. The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid5g parameter in the setWiFiEasyGuestCfg function failing to properly validate the length size of the...

TOTOLINK A3002R formMapDelDevice interface bandstr parameter buffer overflow vulnerability

TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3002R, which stems from the bandstr parameter in the formMapDelDevice interface failing to correctly validate the length size of the input data, no detailed...

IBM Cloud Pak for Business Automation Denial of Service Vulnerability

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A denial of service vulnerability exists in IBM Cloud Pak for Business Automatio...

Google Chrome Security Bypass Vulnerability (CNVD-2025-10056)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 136.0.7103.59, which stems from insufficient data validation in DevTools, and can be exploited by an attacker to cause an access control bypass...

The vulnerability of the MacOS operating system, related to insufficient validation of input data, allows a hacker to gain access to and modify system files.

The vulnerability of the MacOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to and modify system files...

The vulnerability of the RepairKit component in iPadOS, iOS, and visionOS allows attackers to compromise the confidentiality of protected information.

The vulnerability of the RepairKit component in iPadOS, iOS, and visionOS is related to insufficient validation of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality of protected information...

PT-2025-20925 · Unknown · Bootstrap-Multiselect

Name of the Vulnerable Software and Affected Versions: bootstrap-multiselect version 1.1.2 Description: An issue was discovered in post.php, where a PHP script echoes arbitrary POST data. This could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request...

PT-2025-23258 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This allows attackers to execute malicious scripts on the...