Total
3942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14656 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2911 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-69807 | 1 P2r3 | 1 Bareiron | 2026-02-23 | N/A | 7.5 HIGH |
| p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. | |||||
| CVE-2025-15431 | 1 Utt | 2 512w, 512w Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15430 | 1 Utt | 2 512w, 512w Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing a manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-33130 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-20 | N/A | 6.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | |||||
| CVE-2020-37204 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | |||||
| CVE-2020-37205 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. | |||||
| CVE-2020-37209 | 1 Nsasoft | 1 Spotftp | 2026-02-20 | N/A | 7.5 HIGH |
| SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2020-37170 | 1 Raimersoft | 1 Tapinradio | 2026-02-19 | N/A | 6.2 MEDIUM |
| TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. | |||||
| CVE-2020-37171 | 1 Raimersoft | 1 Tapinradio | 2026-02-19 | N/A | 6.2 MEDIUM |
| TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. | |||||
| CVE-2020-37164 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash. | |||||
| CVE-2026-25994 | 1 Pjsip | 1 Pjsip | 2026-02-19 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames. | |||||
| CVE-2020-37166 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate. | |||||
| CVE-2020-37165 | 1 Celestialsoftware | 1 Absolutetelnet | 2026-02-19 | N/A | 6.2 MEDIUM |
| AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash. | |||||
| CVE-2019-25353 | 2026-02-19 | N/A | 7.5 HIGH | ||
| Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login. | |||||
| CVE-2019-25354 | 2026-02-19 | N/A | 7.5 HIGH | ||
| iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices. | |||||
| CVE-2019-25349 | 2026-02-19 | N/A | 7.5 HIGH | ||
| ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. | |||||
| CVE-2025-70314 | 1 Ourway | 1 Webfsd | 2026-02-18 | N/A | 9.8 CRITICAL |
| webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable | |||||