Skip to main content

Buffer Overflow

36140 CVEs technique

Monthly

CVE-2026-4720 CRITICAL PATCH Act Now

Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.

Mozilla RCE Buffer Overflow Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4710 CRITICAL PATCH Act Now

An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4694 HIGH PATCH This Week

A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.

Mozilla Integer Overflow Buffer Overflow Firefox Esr
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4690 HIGH PATCH This Week

A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.

Buffer Overflow Mozilla Integer Overflow Firefox Esr
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-4689 CRITICAL POC PATCH Act Now

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.

Mozilla Buffer Overflow Firefox Esr
NVD VulDB GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2019-25646 CRITICAL POC Act Now

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Mail Carrier
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25644 MEDIUM POC This Month

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Winmpg Video Convert Local Dos Exploit
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25637 HIGH POC This Week

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Netstat Pro
NVD Exploit-DB VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25634 HIGH POC This Week

Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.

Buffer Overflow Memory Corruption RCE Base64 Decoder
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25633 HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Extreme
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25631 HIGH POC This Week

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Business
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25629 HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Extreme
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25628 CRITICAL POC Act Now

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Download Accelerator Plus Dap
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25627 HIGH POC This Week

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE File Upload Flexhex
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25626 HIGH POC This Week

Local buffer overflow in River Past Cam Do 3.7.6's activation code field enables arbitrary code execution with SYSTEM privileges through specially crafted 608-byte input followed by shellcode and SEH chain overwrite. While exploitation requires local access and a publicly available exploit exists (Exploit-DB 46670), EPSS score of 0.01% indicates minimal real-world exploitation activity. The vulnerability affects a legacy multimedia application with no confirmed vendor patch, making it primarily relevant for environments still running this discontinued software.

Buffer Overflow RCE File Upload River Past Cam Do
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-4756 HIGH PATCH This Week

Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.

Buffer Overflow Google Memory Corruption Android
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33855 MEDIUM PATCH This Month

Android-ImageMagick7 versions prior to 7.1.2-11 are vulnerable to integer overflow that allows local attackers with user interaction to cause a denial of service condition. The vulnerability requires local access and user interaction to trigger, making it a lower-risk but still exploitable flaw in image processing operations. A patch is available for affected installations.

Integer Overflow Buffer Overflow Google Android
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33854 HIGH PATCH This Week

Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.

Google Buffer Overflow Memory Corruption Android
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33847 HIGH PATCH This Week

This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.

Buffer Overflow Rapidvms
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33849 HIGH PATCH This Week

RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve code execution, data theft, or system compromise with minimal user interaction. The flaw stems from improper memory bounds checking and carries a high CVSS score of 8.8 with network-based attack vectors. A patch is available to address this critical memory safety issue.

Buffer Overflow Rapidvms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33848 HIGH PATCH This Week

RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.

Buffer Overflow Rapidvms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33851 HIGH PATCH This Week

Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.

Buffer Overflow Doslib
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33850 HIGH PATCH This Week

WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.

Buffer Overflow Memory Corruption Dualsensey V2
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-4753 CRITICAL PATCH Act Now

RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.

Buffer Overflow Information Disclosure Retrodebugger
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-4750 CRITICAL PATCH Act Now

Out-of-bounds read in woof before version 15.3.0 allows remote attackers to trigger information disclosure and denial of service without authentication or user interaction. This critical vulnerability affects Debian systems and can be exploited over the network to leak sensitive data or crash the application. A patch is available and should be applied immediately.

Buffer Overflow Information Disclosure Woof
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-4746 CRITICAL PATCH Act Now

Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.

Buffer Overflow Proton
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-4744 CRITICAL PATCH Act Now

Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.

Buffer Overflow Information Disclosure Notepad3
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-4739 CRITICAL PATCH Act Now

Integer overflow in the Expat XML parser module within InsightSoftwareConsortium ITK before version 2.7.1 allows remote attackers to cause denial of service or potentially execute arbitrary code through specially crafted XML input. The vulnerability affects all users of vulnerable ITK versions and requires only network access and user interaction to exploit. A patch is available in ITK 2.7.1 and later.

Buffer Overflow Integer Overflow Itk
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-4738 CRITICAL PATCH Act Now

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers to achieve arbitrary code execution or cause denial of service through specially crafted compressed data. The vulnerability requires user interaction to trigger but has a network attack vector with no authentication needed. A patch is available and should be applied immediately to affected GDAL installations.

Buffer Overflow Gdal Suse
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-4734 CRITICAL PATCH Act Now

A buffer overflow vulnerability in Modizer before v4.3 allows remote attackers to execute arbitrary code with high privileges by sending specially crafted input that bypasses memory boundary restrictions in the IMAP module. The network-accessible flaw requires minimal user interaction and affects the integrated libopenmpt curl library. A patch is available and should be applied immediately given the critical severity and confirmed attack vector.

Buffer Overflow Modizer
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-4732 HIGH PATCH This Week

Out-of-bounds read in Furnace before version 0.7 allows local attackers to read sensitive memory contents through a crafted FLAC file processed by the modified libsndfile module. This vulnerability could enable information disclosure or potentially facilitate further exploitation of the audio processing application.

Buffer Overflow Information Disclosure Furnace
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-4731 HIGH PATCH This Week

Integer overflow in ART's rtengine dcraw.C module before version 1.25.12 allows local attackers with user interaction to achieve high-impact compromise of confidentiality, integrity, and availability. This vulnerability requires local access and user interaction to trigger, making it exploitable primarily through malicious image files or project files opened by victims.

Buffer Overflow Integer Overflow Art
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-33307 HIGH PATCH This Week

Mod_gnutls, a TLS module for Apache HTTPD, contains a stack-based buffer overflow vulnerability in its client certificate verification code. Versions prior to 0.12.3 and 0.13.0 fail to validate the length of client-provided certificate chains before writing pointers to a fixed-size array, typically causing segmentation faults (denial of service) and theoretically enabling stack corruption. Only configurations explicitly requiring client certificate verification are affected; default configurations using 'GnuTLSClientVerify ignore' are not vulnerable.

Apache Buffer Overflow Stack Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-4679 HIGH PATCH This Week

Out-of-bounds memory write in Google Chrome's font handling prior to version 146.0.7680.165 enables remote code execution when users visit malicious HTML pages. An unauthenticated attacker can exploit an integer overflow vulnerability to achieve complete system compromise with high integrity and confidentiality impact. Patches are available for Chrome and affected Debian systems.

Google Buffer Overflow Debian Chrome Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4677 HIGH PATCH This Week

This vulnerability is an out-of-bounds memory read flaw in the WebAudio API implementation within Google Chrome prior to version 146.0.7680.165. A remote attacker can craft a malicious HTML page to trigger the vulnerability and read sensitive memory contents, leading to information disclosure. Although no CVSS score or EPSS data is provided, the Chromium security severity is rated as High, and the vulnerability affects all users of vulnerable Chrome versions until patching.

Debian Google Buffer Overflow Information Disclosure Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4675 HIGH PATCH This Week

Google Chrome's WebGL implementation contains a heap buffer overflow that enables remote attackers to read arbitrary memory by serving a specially crafted HTML page to users prior to version 146.0.7680.165. This network-based vulnerability requires only user interaction and affects Chrome on all platforms, granting attackers access to sensitive data in the browser's memory. A patch is available and should be applied immediately given the high severity and potential for exploitation.

Debian Google Heap Overflow Buffer Overflow Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4674 HIGH PATCH This Week

Out of bounds memory read in Google Chrome's CSS parser prior to version 146.0.7680.165 allows remote attackers to access sensitive memory contents through a malicious HTML page. The vulnerability requires user interaction and affects Chrome on multiple platforms including Debian systems, enabling attackers to potentially leak confidential data with high impact on confidentiality and integrity.

Debian Google Buffer Overflow Information Disclosure Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4673 HIGH PATCH This Week

Unauthenticated remote attackers can exploit a heap buffer overflow in Google Chrome's WebAudio component (versions prior to 146.0.7680.165) by hosting malicious HTML pages that trigger out-of-bounds memory writes. This vulnerability enables arbitrary code execution with full system compromise potential. A patch is available from Google and Debian.

Debian Google Buffer Overflow Heap Overflow Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33298 HIGH PATCH This Week

Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the `ggml_nbytes` function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.

RCE Buffer Overflow Heap Overflow Llama Cpp
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33554 HIGH PATCH This Week

FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.

Buffer Overflow Dell Stack Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1940 MEDIUM PATCH This Month

A security vulnerability in An incomplete fix for CVE-2024-47778 (CVSS 5.1) that allows an out-of-bounds read. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-3055 CRITICAL POC KEV PATCH THREAT NEWS Act Now

An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.

Information Disclosure Citrix Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.0%
Threat
4.9
CVE-2026-4647 MEDIUM PATCH This Month

A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +3
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4567 HIGH POC This Week

Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-4566 HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve complete system compromise through manipulation of the webpage parameter in the formWISP5G function. Public exploit code exists for this vulnerability and the vendor has not provided patches or responded to disclosure attempts. An attacker with network access can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4565 HIGH POC PATCH This Week

Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-30006 MEDIUM This Month

XnSoft NConvert version 7.230 contains a stack buffer overflow vulnerability triggered by specially crafted TIFF files, allowing an attacker to overwrite stack memory and potentially execute arbitrary code or cause denial of service. The vulnerability affects the image conversion functionality of NConvert, a widely-used command-line image conversion tool. A proof-of-concept exploit has been documented on GitHub (PassMoon/Nconvert_Vul), indicating public awareness and potential active exploitation risk.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4555 HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4553 HIGH POC This Week

Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4552 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4551 HIGH POC This Week

Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2019-25619 HIGH POC This Week

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Ftp Shell Server
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25616 MEDIUM POC This Month

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Buffer Overflow Anming Mp3 Cd Burner
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25615 HIGH POC This Week

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.

Memory Corruption Buffer Overflow RCE Lavavo Cd Ripper
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25614 CRITICAL POC Act Now

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Free Float Ftp
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25612 HIGH POC This Week

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.

Memory Corruption Buffer Overflow RCE Admin Express
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2019-25611 HIGH POC This Week

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.

Memory Corruption Buffer Overflow RCE Miniftp
NVD Exploit-DB GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25609 HIGH POC This Week

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.

Memory Corruption Buffer Overflow RCE Server
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25607 HIGH POC This Week

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.

Memory Corruption Buffer Overflow RCE Axessh
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25606 MEDIUM POC This Month

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Fast Avi Mpeg Joiner
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25604 HIGH POC This Week

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.

Memory Corruption Buffer Overflow RCE Dvdxplayer
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25603 HIGH POC This Week

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.

Memory Corruption Buffer Overflow RCE Tuneclone
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25601 MEDIUM POC This Month

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Launcher
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25600 HIGH POC This Week

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Viewer
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2019-25598 MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Denial Of Service
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25597 MEDIUM POC This Month

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25591 MEDIUM POC This Month

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Dnss Domain Name Search Software
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4535 HIGH POC This Week

Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4534 HIGH POC This Week

Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2019-25589 MEDIUM POC This Month

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zoc Terminal
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25584 MEDIUM POC This Month

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rarmaradio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-4529 HIGH POC This Week

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

Stack Overflow D-Link Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2019-25569 MEDIUM POC This Month

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Realterm
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25567 MEDIUM POC This Month

Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Valentina Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25566 MEDIUM POC This Month

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Transmac
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25565 MEDIUM POC This Month

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Magic Iso Maker
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25564 MEDIUM POC This Month

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pchelpwarev2
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2019-25562 MEDIUM POC This Month

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Convert Video Jetaudio
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2019-25561 MEDIUM POC This Month

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Lyric Maker
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25558 MEDIUM POC This Month

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Selfie Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25556 MEDIUM POC This Month

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Twistedbrush Pro Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25554 MEDIUM POC This Month

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Mp4 Converter
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25550 MEDIUM POC This Month

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Encrypt Pdf
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25549 MEDIUM POC This Month

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Verypdf Pcl Converter
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25547 MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netaware
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25546 MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Netaware
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25545 MEDIUM POC This Month

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Terminal Services Manager
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-21732 CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-33164 HIGH PATCH This Week

A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.

Buffer Overflow Heap Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33165 MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.

Mozilla RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An incorrect boundary conditions vulnerability exists in Firefox and Firefox ESR's Audio/Video component that enables information disclosure attacks. Firefox versions below 149 and Firefox ESR versions below 140.9 are affected. Attackers can exploit improper boundary validation in audio/video processing to leak sensitive information from the browser process.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A boundary condition vulnerability combined with an integer overflow flaw exists in the Graphics component of Mozilla Firefox, affecting Firefox versions prior to 149, Firefox ESR versions prior to 115.34, and Firefox ESR versions prior to 140.9. This vulnerability could allow an attacker to trigger a buffer overflow through specially crafted graphics data, potentially leading to memory corruption and arbitrary code execution. While no CVSS score or EPSS data is currently available, the Mozilla security advisories confirm the vulnerability affects multiple product lines across different release channels.

Mozilla Integer Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.

Buffer Overflow Mozilla Integer Overflow +1
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.

Mozilla Buffer Overflow Firefox Esr
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE File Upload +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Local buffer overflow in River Past Cam Do 3.7.6's activation code field enables arbitrary code execution with SYSTEM privileges through specially crafted 608-byte input followed by shellcode and SEH chain overwrite. While exploitation requires local access and a publicly available exploit exists (Exploit-DB 46670), EPSS score of 0.01% indicates minimal real-world exploitation activity. The vulnerability affects a legacy multimedia application with no confirmed vendor patch, making it primarily relevant for environments still running this discontinued software.

Buffer Overflow RCE File Upload +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.

Buffer Overflow Google Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Android-ImageMagick7 versions prior to 7.1.2-11 are vulnerable to integer overflow that allows local attackers with user interaction to cause a denial of service condition. The vulnerability requires local access and user interaction to trigger, making it a lower-risk but still exploitable flaw in image processing operations. A patch is available for affected installations.

Integer Overflow Buffer Overflow Google +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.

Google Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.

Buffer Overflow Rapidvms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve code execution, data theft, or system compromise with minimal user interaction. The flaw stems from improper memory bounds checking and carries a high CVSS score of 8.8 with network-based attack vectors. A patch is available to address this critical memory safety issue.

Buffer Overflow Rapidvms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.

Buffer Overflow Rapidvms
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in doslib versions prior to 20250729 allows local attackers with user interaction to achieve full system compromise including code execution, data theft, and denial of service. The vulnerability requires local access and user interaction to trigger, but once exploited grants complete control over affected systems.

Buffer Overflow Doslib
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.

Buffer Overflow Memory Corruption Dualsensey V2
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.

Buffer Overflow Information Disclosure Retrodebugger
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds read in woof before version 15.3.0 allows remote attackers to trigger information disclosure and denial of service without authentication or user interaction. This critical vulnerability affects Debian systems and can be exploited over the network to leak sensitive data or crash the application. A patch is available and should be applied immediately.

Buffer Overflow Information Disclosure Woof
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.

Buffer Overflow Proton
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Out-of-bounds read vulnerability in Notepad3's Oniguruma regex engine (regcomp.C) allows local attackers with user interaction to trigger memory disclosure or potential code execution with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions before 6.25.714.1 and has a critical CVSS score of 9.3. A patch is available and users should update immediately.

Buffer Overflow Information Disclosure Notepad3
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Integer overflow in the Expat XML parser module within InsightSoftwareConsortium ITK before version 2.7.1 allows remote attackers to cause denial of service or potentially execute arbitrary code through specially crafted XML input. The vulnerability affects all users of vulnerable ITK versions and requires only network access and user interaction to exploit. A patch is available in ITK 2.7.1 and later.

Buffer Overflow Integer Overflow Itk
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

A buffer overflow vulnerability in GDAL versions before 3.11.0 within the zlib infback9 module allows remote attackers to achieve arbitrary code execution or cause denial of service through specially crafted compressed data. The vulnerability requires user interaction to trigger but has a network attack vector with no authentication needed. A patch is available and should be applied immediately to affected GDAL installations.

Buffer Overflow Gdal Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

A buffer overflow vulnerability in Modizer before v4.3 allows remote attackers to execute arbitrary code with high privileges by sending specially crafted input that bypasses memory boundary restrictions in the IMAP module. The network-accessible flaw requires minimal user interaction and affects the integrated libopenmpt curl library. A patch is available and should be applied immediately given the critical severity and confirmed attack vector.

Buffer Overflow Modizer
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Out-of-bounds read in Furnace before version 0.7 allows local attackers to read sensitive memory contents through a crafted FLAC file processed by the modified libsndfile module. This vulnerability could enable information disclosure or potentially facilitate further exploitation of the audio processing application.

Buffer Overflow Information Disclosure Furnace
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Integer overflow in ART's rtengine dcraw.C module before version 1.25.12 allows local attackers with user interaction to achieve high-impact compromise of confidentiality, integrity, and availability. This vulnerability requires local access and user interaction to trigger, making it exploitable primarily through malicious image files or project files opened by victims.

Buffer Overflow Integer Overflow Art
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Mod_gnutls, a TLS module for Apache HTTPD, contains a stack-based buffer overflow vulnerability in its client certificate verification code. Versions prior to 0.12.3 and 0.13.0 fail to validate the length of client-provided certificate chains before writing pointers to a fixed-size array, typically causing segmentation faults (denial of service) and theoretically enabling stack corruption. Only configurations explicitly requiring client certificate verification are affected; default configurations using 'GnuTLSClientVerify ignore' are not vulnerable.

Apache Buffer Overflow Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory write in Google Chrome's font handling prior to version 146.0.7680.165 enables remote code execution when users visit malicious HTML pages. An unauthenticated attacker can exploit an integer overflow vulnerability to achieve complete system compromise with high integrity and confidentiality impact. Patches are available for Chrome and affected Debian systems.

Google Buffer Overflow Debian +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

This vulnerability is an out-of-bounds memory read flaw in the WebAudio API implementation within Google Chrome prior to version 146.0.7680.165. A remote attacker can craft a malicious HTML page to trigger the vulnerability and read sensitive memory contents, leading to information disclosure. Although no CVSS score or EPSS data is provided, the Chromium security severity is rated as High, and the vulnerability affects all users of vulnerable Chrome versions until patching.

Debian Google Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome's WebGL implementation contains a heap buffer overflow that enables remote attackers to read arbitrary memory by serving a specially crafted HTML page to users prior to version 146.0.7680.165. This network-based vulnerability requires only user interaction and affects Chrome on all platforms, granting attackers access to sensitive data in the browser's memory. A patch is available and should be applied immediately given the high severity and potential for exploitation.

Debian Google Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds memory read in Google Chrome's CSS parser prior to version 146.0.7680.165 allows remote attackers to access sensitive memory contents through a malicious HTML page. The vulnerability requires user interaction and affects Chrome on multiple platforms including Debian systems, enabling attackers to potentially leak confidential data with high impact on confidentiality and integrity.

Debian Google Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Unauthenticated remote attackers can exploit a heap buffer overflow in Google Chrome's WebAudio component (versions prior to 146.0.7680.165) by hosting malicious HTML pages that trigger out-of-bounds memory writes. This vulnerability enables arbitrary code execution with full system compromise potential. A patch is available from Google and Debian.

Debian Google Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the `ggml_nbytes` function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.

RCE Buffer Overflow Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. No CVSS score, EPSS data, or public exploitation confirmation is currently available, but the vulnerabilities are documented in Savannah bug reports with clear technical details.

Buffer Overflow Dell Stack Overflow
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A security vulnerability in An incomplete fix for CVE-2024-47778 (CVSS 5.1) that allows an out-of-bounds read. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.

Information Disclosure Citrix Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 8.9
HIGH POC This Week

Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve complete system compromise through manipulation of the webpage parameter in the formWISP5G function. Public exploit code exists for this vulnerability and the vendor has not provided patches or responded to disclosure attempts. An attacker with network access can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

XnSoft NConvert version 7.230 contains a stack buffer overflow vulnerability triggered by specially crafted TIFF files, allowing an attacker to overwrite stack memory and potentially execute arbitrary code or cause denial of service. The vulnerability affects the image conversion functionality of NConvert, a widely-used command-line image conversion tool. A proof-of-concept exploit has been documented on GitHub (PassMoon/Nconvert_Vul), indicating public awareness and potential active exploitation risk.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 through stack-based buffer overflow in the /goform/formEasySetTimezone endpoint allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with valid credentials can exploit this remotely without user interaction to execute arbitrary commands with system privileges.

D-Link Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Tenda Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.

Stack Overflow Tenda Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM POC This Month

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zoc Terminal
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rarmaradio
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link DHP-1320 PowerLine AV adapter (firmware 1.00WWB04) allows remote authenticated attackers to execute arbitrary code with full device control via malformed SOAP requests to the redirect_count_down_page function. Publicly available exploit code exists on GitHub (confirmed by VulDB). EPSS score of 0.04% (14th percentile) indicates low observed exploitation in the wild despite POC availability. Product reached end-of-life and receives no security updates from D-Link, making this a permanent risk for deployed devices.

Stack Overflow D-Link Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Transmac
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Encrypt Pdf
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netaware
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 9.6
CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.

Buffer Overflow Heap Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
Prev Page 35 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy