CVE-2025-3259

CVE-2025-3259 affects Tenda RX3 (version 16.03.13.11). The vulnerability lies in the formSetDeviceName function of /goform/SetOnlineDevName, where manipulating the devName argument triggers a stack-based buffer overflow. It is network-exploitable with low attack complexity and requires low privil...

CVE-2025-3203 Tenda W18E setModules formSetAccountList stack-based overflow

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-3196 Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...

Ivanti Connect Secure CVE-2025-22457 exploited in the wild

On Thursday, April 3, 2025, Ivanti disclosed a critical severity vulnerability affecting Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA Gateways. CVE-2025-22457 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the...

CVE-2025-3166 code-projects Product Management System Search Product Menu search_item stack-based overflow

A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function searchitem of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to...

CVE-2025-3166 code-projects Product Management System Search Product Menu search_item stack-based overflow

A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function searchitem of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to...

CVE-2025-3161 Tenda AC10 ShutdownSetAdd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2025-3007 Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow

A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow...

CVE-2025-3007 Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow

A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow...

CVE-2025-2621 D-Link DAP-1620 storage check_dws_cookie stack-based overflow

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2025-2620 D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function modgraphauthurihandler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated...

CVE-2025-2619 D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function checkdwscookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-2619 D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function checkdwscookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-30472

CVE-2025-30472 is a vulnerability in the Corosync library (through 3.1.9) that enables a stack-based buffer overflow when encryption is disabled or the attacker knows the key and processes a large UDP packet. Connected sources specify affected contexts (Corosync 3.1.x) and note fixes: IBM/Db2 bul...

CVE-2024-13903 quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

CVE-2024-13903 quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

CVE-2025-26336

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, versions prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX versions prior to 3.41.200.202209300499, contains a Stack-based Buffer Overflow vulnerability. An unauthenticated...

CVE-2025-2370

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The...

Exploit for Out-of-bounds Write in Tenda Ac9_Firmware

CVE-2025-29384 Proof-of-Concept Exploit Overview This repo...

CVE-2025-2370 TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The...