Export limit exceeded: 346158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43192 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21503 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21503 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35716 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20417. | ||||
| CVE-2025-2019 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25252. | ||||
| CVE-2025-2012 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25185. | ||||
| CVE-2025-7911 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-08-08 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-6246 | 1 Wyze | 2 Cam V3, Cam V3 Firmware | 2025-08-08 | 8.8 High |
| Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-22310. | ||||
| CVE-2023-35714 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-18005. | ||||
| CVE-2023-34299 | 2 Ashlar, Ashlar Vellum | 2 Cobalt, Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17910. | ||||
| CVE-2023-34303 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17987. | ||||
| CVE-2024-6249 | 1 Wyze | 2 Cam V3, Cam V3 Firmware | 2025-08-08 | N/A |
| Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419. | ||||
| CVE-2024-30340 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-08 | N/A |
| Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22707. | ||||
| CVE-2024-1179 | 2 Tp-link, Tp Link | 4 Er605, Omada Er605, Omada Er605 Firmware and 1 more | 2025-08-08 | 8.8 High |
| TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420. | ||||
| CVE-2024-9029 | 1 Freeimage Project | 1 Freeimage | 2025-08-08 | 7.5 High |
| A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service. | ||||
| CVE-2023-47726 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-08 | 7.1 High |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087. | ||||
| CVE-2025-2837 | 1 Silabs | 1 Gecko Os | 2025-08-08 | N/A |
| Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23245. | ||||
| CVE-2024-30335 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-07 | 7.1 High |
| Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22641. | ||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-2469 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | ||||
| CVE-2025-1045 | 1 Luxion | 2 Keyshot, Keyshot Viewer | 2025-08-07 | N/A |
| Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24586. | ||||
| CVE-2023-37347 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20444. | ||||
| CVE-2023-37342 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20439. | ||||