Skip to main content

Buffer Overflow

36132 CVEs technique

Monthly

CVE-2026-44819 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44815 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Windows DHCP Client is possible when a stack-based buffer overflow (CWE-121) is triggered by a crafted DHCP server response, allowing an unauthorized network attacker to run arbitrary code with no user interaction. The flaw carries a CVSS 9.8 critical rating reflecting network reachability, low complexity, and full impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because the DHCP client runs early in the network stack on virtually every Windows host, successful exploitation grants attacker-controlled code execution in a highly privileged context.

Microsoft Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-44814 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44812 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44808 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library stems from a use-after-free condition (CWE-122) that lets an authenticated low-privileged user gain elevated rights on affected Windows systems. The flaw was reported by Microsoft (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis and no CISA KEV listing. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability once the attacker has local foothold.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44803 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44801 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44799 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42993 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42992 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App Windows 10 1607 Windows 10 1809 +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42985 HIGH PATCH NEWS Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow Remote Desktop Client Windows App +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-42980 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42968 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42914 MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-42913 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled RDP server, where a heap-based buffer overflow triggered by a race condition (CWE-362) allows arbitrary code execution on the client machine. The flaw carries a CVSS 7.5 (High) rating with high attack complexity and required user interaction, and no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory CVE-2026-42913.

Race Condition Buffer Overflow Remote Desktop Client Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42910 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hotpatch Monitoring Service enables an authenticated low-privileged attacker to gain elevated privileges through an out-of-bounds write (CWE-787) memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low complexity once a foothold is obtained, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft's own security team (secure@microsoft.com), suggesting internal discovery prior to disclosure.

Microsoft Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42909 HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42908 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42904 CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-42837 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow Windows 10 1809 Windows 10 21h2 +8
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42828 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver enables an authorized low-privileged user to elevate to higher privileges through a buffer over-read condition. The flaw affects Microsoft Windows installations where the ProjFS filter driver is present, and exploitation yields high impact across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-41108 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-40404 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24180 HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE Information Disclosure Buffer Overflow +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-49841 CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-49475 HIGH PATCH This Week

Out-of-bounds memory access in FreeSWITCH versions prior to 1.11.0 allows remote unauthenticated attackers to crash the telephony stack by sending a malformed STUN packet whose declared attribute length is smaller than the structure the parser casts it to. No public exploit has been identified at time of analysis, but the network-reachable nature of STUN on media-handling deployments makes this a denial-of-service risk for any exposed FreeSWITCH instance handling WebRTC or NAT-traversal traffic.

Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0413 MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow Rbe37X Rbe77X +12
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-3088 MEDIUM PATCH This Month

Denial-of-service via out-of-bounds write in NETGEAR Orbi mesh router and satellite firmware allows unauthenticated, adjacent-network attackers to render affected devices unavailable by sending specially crafted requests. The vulnerability affects multiple Orbi 860/950/960/970/971-series devices across a broad firmware version range, with fixed builds available per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis (CVSS E:U), though the low attack complexity and absence of any authentication requirement make this straightforward to reproduce for any attacker with local network access.

Memory Corruption Buffer Overflow Rbr860 Rbre950 Rbre960 +5
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-0409 MEDIUM PATCH This Month

Remote command execution in NETGEAR Orbi 370 series routers (firmware before V12.1.2.7) is achievable by a network-positioned adversary who can intercept and tamper with traffic between the device and the internet. Exploitation requires the device administrator to perform specific management actions while the attacker holds a man-in-the-middle position, at which point a buffer overflow (CWE-119) is triggered allowing arbitrary command execution on the device. No public exploit exists at time of analysis and the vendor has released a patching firmware (V12.1.2.7); no KEV listing has been issued by CISA.

Netgear Buffer Overflow Orbi 370
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-42488 HIGH PATCH This Week

Shadow paging error paths in Xen Hypervisor 4.15+ on x86 allow 64-bit PV guests operating in shadow mode to corrupt mapcache metadata by triggering a page-table switch that does not update the currently running vCPU reference. Successful exploitation by a guest can result in privilege escalation into the hypervisor, host-wide denial of service, and information leaks affecting all co-resident guests. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; vendor-released patches are available for all supported stable branches.

Buffer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-11792 LOW Monitor

Heap buffer overflow in Red Hat Directory Server's audit logging subsystem allows an authenticated high-privilege attacker to corrupt heap memory and tamper with audit log output. The vulnerable function create_masked_entry_string() in auditlog.c writes a fixed-length password mask into a precisely-sized heap buffer without bounds checking, overflowing when a short cleartext password is processed. Exploitation requires two non-default preconditions - audit logging must be enabled AND either CLEAR password storage must be configured or a replication peer must already be compromised - limiting real-world exposure significantly. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-11793 MEDIUM This Month

Stack buffer overflow in 389 Directory Server's pw.c checkPrefix() function allows a network-accessible Directory Manager to crash the LDAP server by storing a crafted credential with an oversized algorithm ID. The vulnerable code copies attacker-controlled input into a fixed 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. FORTIFY_SOURCE compiler hardening constrains impact to denial of service - preventing arbitrary code execution - but service disruption against a critical authentication infrastructure component remains operationally significant. No public exploit identified at time of analysis.

Denial Of Service Stack Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 +6
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-11787 MEDIUM This Month

Heap buffer over-read in Red Hat Directory Server's ldap_utf8prev() function exposes LDAP deployments to potential confidentiality, integrity, and availability impact via crafted string filter input. The flaw affects authenticated, network-accessible LDAP servers running Red Hat Directory Server 11, 12, and 13 as well as the 389-ds component shipped across Red Hat Enterprise Linux 6 through 10. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; however, its presence in filter parsing logic - a core LDAP code path - warrants prompt patching in internet-exposed or multi-tenant directory environments.

Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-11786 MEDIUM This Month

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attacker during database import operations. Exploitation requires local system access, high attack complexity, and high privileges (administrator-level), producing only minor confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis and no KEV listing; the CVSS score of 1.9 reflects the extremely constrained exploitation conditions, making this a low operational priority absent specific threat model considerations.

Information Disclosure Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46332 HIGH PATCH This Week

Buffer overflow in the Linux kernel's greybus gb-beagleplay driver allows an adjacent attacker with control over the cc1352 bootloader serial data stream to overflow the fixed rx_buffer used to stage bootloader packets. The cc1352_bootloader_rx() handler appends serdev chunks without validating they fit in remaining buffer space, enabling memory corruption with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-42771 MEDIUM PATCH This Month

Out-of-bounds read in OpenSSL 4.0.0's `X509_VERIFY_PARAM_set1_email()` function can crash applications performing email-based X.509 certificate verification when processing attacker-influenced email input, resulting in a denial-of-service condition. The vulnerability is scoped to OpenSSL 4.0.0 only and was patched in the June 9, 2026 security release (4.0.1), which bundled fixes for 18 CVEs. No public exploit identified at time of analysis and no CISA KEV listing.

OpenSSL Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-34180 HIGH PATCH This Week

Denial-of-service in OpenSSL's ASN.1 content parser allows remote unauthenticated attackers to trigger a heap buffer over-read that can crash applications relying on the library for cryptographic parsing. Disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside more than a dozen other fixes, this issue affects every supported branch from 1.0.2 through 3.6 and 4.0. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the broad install base of OpenSSL across servers, clients, and embedded devices makes patching a priority.

OpenSSL Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9076 HIGH PATCH This Week

Out-of-bounds read in OpenSSL's CMS password-based decryption code (CVE-2026-9076) allows remote attackers to cause denial of service against applications that decrypt attacker-supplied CMS messages. The flaw is fixed in OpenSSL 4.0.1 alongside a batch of other cryptographic vulnerabilities, with no public exploit identified at time of analysis and no CISA KEV listing. Multiple OpenSSL branches (1.0.2, 1.1.1, 3.0, 3.4, 3.5, 3.6, and 4.0.0) require updates per the upstream advisory.

OpenSSL Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7383 HIGH PATCH This Week

Heap buffer overflow in OpenSSL's ASN.1 multibyte string conversion routine allows remote attackers to corrupt memory and potentially achieve code execution against applications using affected OpenSSL versions prior to 4.0.1. The flaw was disclosed via the OpenSSL 4.0.1 security patch release alongside 17 other CVEs and is classified as a high-severity issue (CVSS 8.1) with no public exploit identified at time of analysis.

OpenSSL Memory Corruption Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-9698 CRITICAL PATCH Act Now

Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error message content to corrupt memory via a fixed 200-byte stack buffer used during error formatting. The flaw is triggered when applications enable RaiseError, PrintError, or HandleError handlers - a near-universal configuration in production Perl database code. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02% despite the CVSS 9.8 rating.

Memory Corruption Buffer Overflow Dbi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41981 MEDIUM This Month

Heap-based buffer overflow in the HarmonyOS IPC (Inter-Process Communication) module allows a local low-privileged attacker to impact confidentiality, integrity, and availability of the affected system. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) confirms exploitation requires local authenticated access with low complexity, limiting but not eliminating real-world risk on consumer and wearable Huawei devices. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Heap Overflow Buffer Overflow
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5068 HIGH This Week

Out-of-bounds heap write in the Zephyr RTOS Bluetooth host allows a remote, unauthenticated BLE peer within radio range to corrupt memory during L2CAP LE Connection-oriented Channel (CoC) SDU reassembly. The flaw affects builds where the application enables SDU segmentation via chan_ops.alloc_buf and selects an RX net_buf pool whose user_data_size is smaller than 2 bytes, causing the reassembly segmentation counter in l2cap_chan_le_recv_seg() to be written past the allocated user_data region. There is no public exploit identified at time of analysis and EPSS probability is negligible (0.01%), so realistic impact is a triggered fatal error / heap corruption rather than demonstrated code execution.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-62858 MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow Qts Quts Hero
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-5067 CRITICAL Act Now

Remote code execution and denial of service in Zephyr RTOS HTTP server (versions 3.7.0 through 4.3.0) allow unauthenticated network attackers to corrupt stack memory by sending a crafted Sec-WebSocket-Key header during WebSocket upgrade. The flaw is a CWE-170 improper NUL-termination issue where a bounded copy fails to terminate the header buffer, causing strlen() and subsequent concatenation to read and write past stack bounds. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivially reachable attack surface make this a high-priority issue for any Zephyr deployment with CONFIG_HTTP_SERVER_WEBSOCKET enabled.

Denial Of Service Buffer Overflow RCE Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-27671 CRITICAL NEWS Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-11690 HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11675 LOW PATCH Monitor

Out-of-bounds read in Chrome's Skia graphics engine (versions prior to 149.0.7827.103) enables cross-origin data leakage via a crafted HTML page, but only after a prior renderer process compromise. The CVSS score of 3.1 (Low) reflects the constrained impact: confidentiality loss is limited in scope, and the prerequisite renderer compromise represents a significant barrier. No public exploit identified at time of analysis, and CISA SSVC confirms exploitation status as none with non-automatable attack surface.

Google Buffer Overflow
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11672 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11669 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11667 HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11665 MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11659 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11655 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11645 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-11640 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-36777 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36807 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser handler. CVSS 7.5 reflects the network-reachable, no-auth attack path with high availability impact but no confidentiality or integrity loss, and EPSS is very low (0.01%) with no public exploit identified at time of analysis.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36778 MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-36819 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36794 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36811 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picName parameter to the formDelwebAuthPic handler. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at just 0.02% (4th percentile), but the affected SOHO/SMB router class is a frequent target once weaponized PoCs emerge.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36802 HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36770 HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36800 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36813 HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36805 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36806 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30141 CRITICAL Act Now

Remote code execution and denial-of-service in bitbank2 AnimatedGIF v2.2.0 arises from a buffer overflow in the DecodeLZW function when processing a crafted GIF file. SSVC data indicates a proof-of-concept exists and exploitation is automatable, though it is not listed in CISA KEV; with CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) the vulnerability is network-reachable wherever this library decodes attacker-supplied GIFs.

Denial Of Service Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-36771 HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36797 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formIPMacBindModify handler via the IPMacBindRuleIp parameter. No public exploit identified at time of analysis, EPSS is very low (0.01%), and SSVC reports no observed exploitation, though CISA's SSVC marks the attack as automatable with partial technical impact.

Denial Of Service Tenda Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52292 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36783 HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-43688 HIGH This Week

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36818 HIGH This Week

Remote denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated network attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. EPSS scores exploitation probability at only 0.02% (4th percentile) and no public exploit code or active exploitation has been reported, though a research repository documenting the finding exists on GitHub. The vulnerability is not listed in CISA KEV.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36779 HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36817 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser handler. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though a GitHub research repository documents the flaw. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity compromise.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36784 HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36792 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36799 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows the portalAuth parameter handled by the formPortalAuth function. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.01%), but a public proof-of-concept research repository on GitHub references the vulnerable function.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36808 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. EPSS is extremely low at 0.02% and no public exploit identified at time of analysis beyond a research repository, though the affected component is the web administration interface of a SOHO/SMB router.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36809 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%), but the network-reachable attack surface on a customer-premises router warrants timely mitigation. The flaw is limited to availability impact per the CVSS vector, with no confidentiality or integrity consequences claimed.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36810 HIGH This Week

Denial of service in Tenda W15E v15.11.0.10 routers can be triggered by remote unauthenticated attackers sending a crafted HTTP request that overflows the gotoUrl parameter in the formPortalAuth function. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and at the time of analysis no public exploit identified at time of analysis though a proof-of-concept research repository is referenced. EPSS is very low (0.02%, 4th percentile), suggesting limited real-world exploitation interest despite the network-reachable attack surface.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36815 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing an oversized hostname parameter to the formSetNetCheckTools handler. The classic stack buffer overflow (CWE-120) currently shows no public exploit identified at time of analysis and a very low EPSS score of 0.01%, but the network-reachable management interface makes any exposed device trivially disruptable.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36816 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function, and EPSS is very low (0.02%, 4th percentile).

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36798 MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36796 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picCropName parameter to the formCropAndSetWewifiPic handler. The flaw is a classic stack buffer overflow in the web management interface, and while no public weaponized exploit is identified, proof-of-concept research artifacts are published on GitHub. EPSS scores exploitation probability at just 0.01%, reflecting limited attacker interest despite trivial reachability.

Denial Of Service Tenda Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36772 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36773 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36791 HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36793 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Windows DHCP Client is possible when a stack-based buffer overflow (CWE-121) is triggered by a crafted DHCP server response, allowing an unauthorized network attacker to run arbitrary code with no user interaction. The flaw carries a CVSS 9.8 critical rating reflecting network reachability, low complexity, and full impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because the DHCP client runs early in the network stack on virtually every Windows host, successful exploitation grants attacker-controlled code execution in a highly privileged context.

Microsoft Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library stems from a use-after-free condition (CWE-122) that lets an authenticated low-privileged user gain elevated rights on affected Windows systems. The flaw was reported by Microsoft (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis and no CISA KEV listing. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability once the attacker has local foothold.

Denial Of Service Heap Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RDP server, where a heap-based buffer overflow (linked to use-after-free memory corruption per vendor tags) enables arbitrary code execution on the client machine. The CVSS 7.5 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis. SSVC assessment from CISA rates exploitation as 'none' and automatable as 'no', though technical impact is total.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 +7
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App +12
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that runs attacker code in the client's context. The flaw (CWE-416 use-after-free / heap corruption) carries CVSS 8.8 and requires user interaction, with no public exploit identified at time of analysis. A vendor patch is available via Microsoft MSRC.

Use After Free Memory Corruption Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Telephony Service exposes sensitive memory contents to locally authenticated attackers across a broad range of Windows client and server versions. The flaw (CWE-125) is exploitable with only low privileges and no user interaction, yielding high confidentiality impact while leaving integrity and availability unaffected. No public exploit code or active exploitation has been identified; CISA's SSVC framework rates this as non-automatable with partial technical impact, placing it at medium operational priority.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH Exploit Unlikely This Month

Windows Kerberos out-of-bounds read (CWE-125) allows a low-privilege network attacker to crash the Kerberos authentication service across all actively supported Windows client and server platforms, from Windows Server 2012 through Windows Server 2025 and Windows 11 26H1. The attack requires prior domain authentication and high-complexity triggering conditions (CVSS AC:H), limiting opportunistic mass exploitation, though a successful attack against a domain controller can deny authentication domain-wide by crashing the KDC. Vendor patches are available via the Microsoft MSRC advisory; no public exploit code exists and SSVC confirms no observed exploitation at time of analysis.

Denial Of Service Information Disclosure Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled RDP server, where a heap-based buffer overflow triggered by a race condition (CWE-362) allows arbitrary code execution on the client machine. The flaw carries a CVSS 7.5 (High) rating with high attack complexity and required user interaction, and no public exploit identified at time of analysis. Microsoft has released a patch via MSRC advisory CVE-2026-42913.

Race Condition Buffer Overflow Remote Desktop Client +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hotpatch Monitoring Service enables an authenticated low-privileged attacker to gain elevated privileges through an out-of-bounds write (CWE-787) memory corruption flaw. The CVSS 7.8 (AV:L/AC:L/PR:L) reflects local attack vector with low complexity once a foothold is obtained, and no public exploit identified at time of analysis. The vulnerability was reported by Microsoft's own security team (secure@microsoft.com), suggesting internal discovery prior to disclosure.

Microsoft Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user connects to an attacker-controlled or compromised RDP endpoint, where a race condition (CWE-362) can be triggered to corrupt heap memory and execute arbitrary code in the client process. The flaw is unauthenticated from the network attacker's perspective but requires user interaction to initiate the connection, and no public exploit has been identified at time of analysis.

Race Condition Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows unauthenticated remote attackers to read out-of-bounds memory contents over the network, potentially leaking sensitive data from the RDP service process. The vulnerability requires no authentication or user interaction and is rated CVSS 7.5 with high confidentiality impact only. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver allows an authenticated low-privileged user on a Windows host to escalate to higher privileges by triggering a buffer over-read in the kernel-mode driver. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.8 with low attack complexity and no user interaction makes it an attractive post-compromise target for endpoint operators.

Information Disclosure Microsoft Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Projected File System (ProjFS) Filter Driver enables an authorized low-privileged user to elevate to higher privileges through a buffer over-read condition. The flaw affects Microsoft Windows installations where the ProjFS filter driver is present, and exploitation yields high impact across confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE +3
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds memory access in FreeSWITCH versions prior to 1.11.0 allows remote unauthenticated attackers to crash the telephony stack by sending a malformed STUN packet whose declared attribute length is smaller than the structure the parser casts it to. No public exploit has been identified at time of analysis, but the network-reachable nature of STUN on media-handling deployments makes this a denial-of-service risk for any exposed FreeSWITCH instance handling WebRTC or NAT-traversal traffic.

Buffer Overflow Freeswitch
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow +14
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial-of-service via out-of-bounds write in NETGEAR Orbi mesh router and satellite firmware allows unauthenticated, adjacent-network attackers to render affected devices unavailable by sending specially crafted requests. The vulnerability affects multiple Orbi 860/950/960/970/971-series devices across a broad firmware version range, with fixed builds available per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis (CVSS E:U), though the low attack complexity and absence of any authentication requirement make this straightforward to reproduce for any attacker with local network access.

Memory Corruption Buffer Overflow Rbr860 +7
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Remote command execution in NETGEAR Orbi 370 series routers (firmware before V12.1.2.7) is achievable by a network-positioned adversary who can intercept and tamper with traffic between the device and the internet. Exploitation requires the device administrator to perform specific management actions while the attacker holds a man-in-the-middle position, at which point a buffer overflow (CWE-119) is triggered allowing arbitrary command execution on the device. No public exploit exists at time of analysis and the vendor has released a patching firmware (V12.1.2.7); no KEV listing has been issued by CISA.

Netgear Buffer Overflow Orbi 370
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Shadow paging error paths in Xen Hypervisor 4.15+ on x86 allow 64-bit PV guests operating in shadow mode to corrupt mapcache metadata by triggering a page-table switch that does not update the currently running vCPU reference. Successful exploitation by a guest can result in privilege escalation into the hypervisor, host-wide denial of service, and information leaks affecting all co-resident guests. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; vendor-released patches are available for all supported stable branches.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Heap buffer overflow in Red Hat Directory Server's audit logging subsystem allows an authenticated high-privilege attacker to corrupt heap memory and tamper with audit log output. The vulnerable function create_masked_entry_string() in auditlog.c writes a fixed-length password mask into a precisely-sized heap buffer without bounds checking, overflowing when a short cleartext password is processed. Exploitation requires two non-default preconditions - audit logging must be enabled AND either CLEAR password storage must be configured or a replication peer must already be compromised - limiting real-world exposure significantly. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 +7
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack buffer overflow in 389 Directory Server's pw.c checkPrefix() function allows a network-accessible Directory Manager to crash the LDAP server by storing a crafted credential with an oversized algorithm ID. The vulnerable code copies attacker-controlled input into a fixed 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. FORTIFY_SOURCE compiler hardening constrains impact to denial of service - preventing arbitrary code execution - but service disruption against a critical authentication infrastructure component remains operationally significant. No public exploit identified at time of analysis.

Denial Of Service Stack Overflow Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Heap buffer over-read in Red Hat Directory Server's ldap_utf8prev() function exposes LDAP deployments to potential confidentiality, integrity, and availability impact via crafted string filter input. The flaw affects authenticated, network-accessible LDAP servers running Red Hat Directory Server 11, 12, and 13 as well as the 389-ds component shipped across Red Hat Enterprise Linux 6 through 10. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; however, its presence in filter parsing logic - a core LDAP code path - warrants prompt patching in internet-exposed or multi-tenant directory environments.

Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 +6
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attacker during database import operations. Exploitation requires local system access, high attack complexity, and high privileges (administrator-level), producing only minor confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis and no KEV listing; the CVSS score of 1.9 reflects the extremely constrained exploitation conditions, making this a low operational priority absent specific threat model considerations.

Information Disclosure Buffer Overflow Red Hat Directory Server 11 +7
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Buffer overflow in the Linux kernel's greybus gb-beagleplay driver allows an adjacent attacker with control over the cc1352 bootloader serial data stream to overflow the fixed rx_buffer used to stage bootloader packets. The cc1352_bootloader_rx() handler appends serdev chunks without validating they fit in remaining buffer space, enabling memory corruption with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Out-of-bounds read in OpenSSL 4.0.0's `X509_VERIFY_PARAM_set1_email()` function can crash applications performing email-based X.509 certificate verification when processing attacker-influenced email input, resulting in a denial-of-service condition. The vulnerability is scoped to OpenSSL 4.0.0 only and was patched in the June 9, 2026 security release (4.0.1), which bundled fixes for 18 CVEs. No public exploit identified at time of analysis and no CISA KEV listing.

OpenSSL Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in OpenSSL's ASN.1 content parser allows remote unauthenticated attackers to trigger a heap buffer over-read that can crash applications relying on the library for cryptographic parsing. Disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside more than a dozen other fixes, this issue affects every supported branch from 1.0.2 through 3.6 and 4.0. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the broad install base of OpenSSL across servers, clients, and embedded devices makes patching a priority.

OpenSSL Information Disclosure Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in OpenSSL's CMS password-based decryption code (CVE-2026-9076) allows remote attackers to cause denial of service against applications that decrypt attacker-supplied CMS messages. The flaw is fixed in OpenSSL 4.0.1 alongside a batch of other cryptographic vulnerabilities, with no public exploit identified at time of analysis and no CISA KEV listing. Multiple OpenSSL branches (1.0.2, 1.1.1, 3.0, 3.4, 3.5, 3.6, and 4.0.0) require updates per the upstream advisory.

OpenSSL Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Heap buffer overflow in OpenSSL's ASN.1 multibyte string conversion routine allows remote attackers to corrupt memory and potentially achieve code execution against applications using affected OpenSSL versions prior to 4.0.1. The flaw was disclosed via the OpenSSL 4.0.1 security patch release alongside 17 other CVEs and is classified as a high-severity issue (CVSS 8.1) with no public exploit identified at time of analysis.

OpenSSL Memory Corruption Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error message content to corrupt memory via a fixed 200-byte stack buffer used during error formatting. The flaw is triggered when applications enable RaiseError, PrintError, or HandleError handlers - a near-universal configuration in production Perl database code. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.02% despite the CVSS 9.8 rating.

Memory Corruption Buffer Overflow Dbi
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-based buffer overflow in the HarmonyOS IPC (Inter-Process Communication) module allows a local low-privileged attacker to impact confidentiality, integrity, and availability of the affected system. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) confirms exploitation requires local authenticated access with low complexity, limiting but not eliminating real-world risk on consumer and wearable Huawei devices. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Out-of-bounds heap write in the Zephyr RTOS Bluetooth host allows a remote, unauthenticated BLE peer within radio range to corrupt memory during L2CAP LE Connection-oriented Channel (CoC) SDU reassembly. The flaw affects builds where the application enables SDU segmentation via chan_ops.alloc_buf and selects an RX net_buf pool whose user_data_size is smaller than 2 bytes, causing the reassembly segmentation counter in l2cap_chan_le_recv_seg() to be written past the allocated user_data region. There is no public exploit identified at time of analysis and EPSS probability is negligible (0.01%), so realistic impact is a triggered fatal error / heap corruption rather than demonstrated code execution.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution and denial of service in Zephyr RTOS HTTP server (versions 3.7.0 through 4.3.0) allow unauthenticated network attackers to corrupt stack memory by sending a crafted Sec-WebSocket-Key header during WebSocket upgrade. The flaw is a CWE-170 improper NUL-termination issue where a bounded copy fails to terminate the header buffer, causing strlen() and subsequent concatenation to read and write past stack bounds. No public exploit identified at time of analysis, but the CVSS 9.8 rating and trivially reachable attack surface make this a high-priority issue for any Zephyr deployment with CONFIG_HTTP_SERVER_WEBSOCKET enabled.

Denial Of Service Buffer Overflow RCE +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Out-of-bounds read in Chrome's Skia graphics engine (versions prior to 149.0.7827.103) enables cross-origin data leakage via a crafted HTML page, but only after a prior renderer process compromise. The CVSS score of 3.1 (Low) reflects the constrained impact: confidentiality loss is limited in scope, and the prerequisite renderer compromise represents a significant barrier. No public exploit identified at time of analysis, and CISA SSVC confirms exploitation status as none with non-automatable attack surface.

Google Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser handler. CVSS 7.5 reflects the network-reachable, no-auth attack path with high availability impact but no confidentiality or integrity loss, and EPSS is very low (0.01%) with no public exploit identified at time of analysis.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picName parameter to the formDelwebAuthPic handler. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at just 0.02% (4th percentile), but the affected SOHO/SMB router class is a frequent target once weaponized PoCs emerge.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution and denial-of-service in bitbank2 AnimatedGIF v2.2.0 arises from a buffer overflow in the DecodeLZW function when processing a crafted GIF file. SSVC data indicates a proof-of-concept exists and exploitation is automatable, though it is not listed in CISA KEV; with CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) the vulnerability is network-reachable wherever this library decodes attacker-supplied GIFs.

Denial Of Service Buffer Overflow RCE
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formIPMacBindModify handler via the IPMacBindRuleIp parameter. No public exploit identified at time of analysis, EPSS is very low (0.01%), and SSVC reports no observed exploitation, though CISA's SSVC marks the attack as automatable with partial technical impact.

Denial Of Service Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated network attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. EPSS scores exploitation probability at only 0.02% (4th percentile) and no public exploit code or active exploitation has been reported, though a research repository documenting the finding exists on GitHub. The vulnerability is not listed in CISA KEV.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser handler. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though a GitHub research repository documents the flaw. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity compromise.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows the portalAuth parameter handled by the formPortalAuth function. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.01%), but a public proof-of-concept research repository on GitHub references the vulnerable function.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. EPSS is extremely low at 0.02% and no public exploit identified at time of analysis beyond a research repository, though the affected component is the web administration interface of a SOHO/SMB router.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%), but the network-reachable attack surface on a customer-premises router warrants timely mitigation. The flaw is limited to availability impact per the CVSS vector, with no confidentiality or integrity consequences claimed.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E v15.11.0.10 routers can be triggered by remote unauthenticated attackers sending a crafted HTTP request that overflows the gotoUrl parameter in the formPortalAuth function. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and at the time of analysis no public exploit identified at time of analysis though a proof-of-concept research repository is referenced. EPSS is very low (0.02%, 4th percentile), suggesting limited real-world exploitation interest despite the network-reachable attack surface.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing an oversized hostname parameter to the formSetNetCheckTools handler. The classic stack buffer overflow (CWE-120) currently shows no public exploit identified at time of analysis and a very low EPSS score of 0.01%, but the network-reachable management interface makes any exposed device trivially disruptable.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function, and EPSS is very low (0.02%, 4th percentile).

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picCropName parameter to the formCropAndSetWewifiPic handler. The flaw is a classic stack buffer overflow in the web management interface, and while no public weaponized exploit is identified, proof-of-concept research artifacts are published on GitHub. EPSS scores exploitation probability at just 0.01%, reflecting limited attacker interest despite trivial reachability.

Denial Of Service Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
Prev Page 13 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy