Total
2563 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50160 | 1 Microsoft | 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more | 2025-09-17 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-49757 | 1 Microsoft | 14 Server, Windows, Windows 2008 and 11 more | 2025-09-17 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-53741 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-09-17 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-55118 | 1 Bmc | 1 Control-m/agent | 2025-09-17 | 8.9 High |
| Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n". | ||||
| CVE-2025-8894 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2025-09-17 | 7.8 High |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-6259 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2025-09-17 | 7.6 High |
| BT: HCI: adv_ext_report Improper discarding in adv_ext_report | ||||
| CVE-2024-8798 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | 7.5 High |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | ||||
| CVE-2024-6258 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2025-09-17 | 6.8 Medium |
| BT: Missing length checks of net_buf in rfcomm_handle_data | ||||
| CVE-2025-54910 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-16 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54900 | 1 Microsoft | 10 365, 365 Apps, Excel and 7 more | 2025-09-16 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54113 | 2025-09-16 | 8.8 High | ||
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-54091 | 1 Microsoft | 6 Hyper-v, Windows, Windows 10 and 3 more | 2025-09-16 | 7.8 High |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54907 | 1 Microsoft | 8 365, 365 Apps, Office and 5 more | 2025-09-16 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54894 | 2025-09-16 | 7.8 High | ||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-40222 | 1 Ashlar | 1 Cobalt | 2025-09-16 | 7.8 High |
| In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2025-09-16 | 9.6 Critical |
| Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2024-48075 | 1 Realtimelogic | 1 Sharkssl | 2025-09-15 | 5.3 Medium |
| A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message. | ||||
| CVE-2024-33428 | 1 Stsaz | 1 Phiola | 2025-09-15 | 8.8 High |
| Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | ||||
| CVE-2025-47981 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-09-15 | 9.8 Critical |
| Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2024-50698 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-09-15 | 9.8 Critical |
| SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. | ||||