Skip to main content

Buffer Overflow

36142 CVEs technique

Monthly

CVE-2026-2776 CRITICAL PATCH Act Now

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-2774 CRITICAL PATCH Act Now

Integer overflow in Firefox Audio/Video component before 148. Overflow in media processing leads to incorrect memory allocations.

Integer Overflow Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2773 CRITICAL PATCH Act Now

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2771 CRITICAL PATCH Act Now

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

Buffer Overflow Mozilla Information Disclosure Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2762 CRITICAL PATCH Act Now

Integer overflow in Firefox JavaScript Standard Library before 148 leads to memory corruption through crafted JavaScript operations.

Integer Overflow Mozilla Buffer Overflow Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26981 PyPI MEDIUM POC PATCH GHSA This Month

OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper integer handling when processing malformed EXR files, allowing attackers to trigger a denial of service through memory-mapped streams. Public exploit code exists for this vulnerability. Patched versions 3.3.7 and 3.4.5 are available.

Buffer Overflow Openexr Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26284 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25987 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Buffer Overflow Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25986 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap buffer overflow in the YUV image decoder that allows remote attackers to trigger a denial of service condition by processing specially crafted YUV 4:2:2 images. The vulnerability stems from an off-by-one write error in the pixel processing loop that exceeds allocated buffer boundaries. No patch is currently available for affected installations.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25968 NuGet CRITICAL PATCH Act Now

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory and potentially execute arbitrary code by supplying an MSL document with an oversized attribute value processed by msl.c. All ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected, as well as Magick.NET bindings below 14.10.3. No public exploit identified at time of analysis and EPSS is very low (0.06%, 17th percentile), but the CVSS 9.8 reflects the worst-case unauthenticated RCE potential against any service that parses attacker-controlled MSL input.

Buffer Overflow Imagemagick Stack Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25967 NuGet HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-25898 NuGet MEDIUM PATCH This Month

ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25794 NuGet HIGH PATCH GHSA This Week

Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.

Imagemagick Buffer Overflow Heap Overflow
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-25576 NuGet MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.

Buffer Overflow Imagemagick Magick.Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-3044 HIGH This Week

Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.

Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-69248 HIGH POC PATCH This Week

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Amf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-69247 HIGH POC PATCH This Week

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]

Buffer Overflow Heap Overflow Denial Of Service Go Upf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-21863 HIGH PATCH This Week

Out-of-bounds read in Valkey clusterbus port processing allows network-adjacent attackers to crash affected systems by sending specially crafted packets that bypass buffer validation checks. This vulnerability affects Valkey versions prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12, impacting any deployment exposing the clusterbus port to untrusted networks. Patches are available and administrators should restrict clusterbus access with network ACLs as an immediate mitigation.

Valkey Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-61147 MEDIUM This Month

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]

Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-3016 HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve full system compromise through a buffer overflow in the P2P limit configuration function. The vulnerability exists due to unsafe use of strcpy() in the /goform/formP2PLimitConfig endpoint and is exploitable over the network with public exploit code currently available. No patch has been released, making this a critical risk for deployed devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3015 HIGH POC This Week

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve code execution by supplying an oversized GroupName parameter to the /goform/formPolicyRouteConf endpoint. Public exploit code exists for this vulnerability and no patch is currently available.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14905 HIGH PATCH This Week

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]

RCE Buffer Overflow Heap Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-69700 HIGH POC This Week

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Fh1203 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2981 HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to execute arbitrary code by exploiting a buffer overflow in the /goform/formTaskEdit_ap endpoint. An attacker can trigger the vulnerability by crafting a malicious txtMin2 parameter that overflows the strcpy function, and public exploit code exists for this flaw. No patch is currently available for affected devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2980 HIGH POC This Week

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to execute arbitrary code through the passwd1 parameter in the /goform/setSysAdm function. Public exploit code exists for this vulnerability and no patch is currently available. An authenticated attacker can leverage this flaw to achieve complete system compromise with high impact on confidentiality, integrity, and availability.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2962 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2961 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2960 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2959 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2958 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2940 MEDIUM This Month

Out-of-bounds write in the URL handler of Zaher1307's tiny_web_server allows remote attackers to achieve code execution, information disclosure, or denial of service without authentication. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Users of tiny_web_server should implement network segmentation or disable this service until a fix becomes available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-2935 HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overflow a buffer via the remark parameter in the /goform/ConfigExceptMSN endpoint. Public exploit code is available and no patch has been released, creating immediate risk for exposed devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2930 LOW Monitor

Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2929 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2928 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2927 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2926 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2925 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2913 LOW POC PATCH Monitor

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. [CVSS 2.5 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-2911 HIGH POC This Week

Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code execution through crafted requests to the /goform/GstDhcpSetSer endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all affected devices at risk.

Buffer Overflow Fh451 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2910 HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achieve code execution through the /boaform/formPing6 endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries high severity with complete compromise potential across confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2909 HIGH POC This Week

Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attackers to achieve code execution by supplying a malicious pingAddr parameter. The vulnerability exists in the /boaform/formPing component and is exploitable over the network with low complexity. Public exploit code exists and no patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2908 HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid credentials to achieve complete system compromise through manipulation of the Ethtype parameter. Public exploit code exists for this vulnerability, creating immediate risk in deployed environments. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2907 HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2906 HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2905 HIGH POC This Week

Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to achieve arbitrary code execution through a malicious SSID parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects the /boaform/formWlanSetup component and currently has no available patch.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2904 HIGH POC This Week

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G firmware's /goform/ConfigExceptAli endpoint via unsafe string handling. Public exploit code is available for this vulnerability, increasing exploitation risk for unpatched devices. The flaw requires only network access and affects firmware version 1.7.7-171114 with no patch currently available.

Buffer Overflow 810g Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2889 LOW Monitor

A vulnerability was detected in CCExtractor versions up to 0.96.5. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2886 HIGH POC This Week

Stack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. No patch is currently available.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2885 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2884 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2883 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2882 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2881 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2877 HIGH This Week

Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2876 HIGH This Week

Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2874 HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting both the A21 firmware and Stack Overflow products.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2873 HIGH POC This Week

Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete system compromise through malicious input to the schedStartTime/schedEndTime parameters in the openSchedWifi function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects confidentiality, integrity, and availability with high severity (CVSS 8.8).

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2872 HIGH POC This Week

Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2871 HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

DNS Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2870 HIGH POC This Week

Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2869 LOW POC PATCH Monitor

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-27168 HIGH POC This Week

The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line value read from untrusted files, allowing attackers to trigger out-of-bounds memory writes during image processing. Public exploit code exists for this vulnerability affecting all versions of SAIL. No patch is currently available, leaving users of this cross-platform image loading library exposed to potential code execution or denial of service attacks.

Buffer Overflow Heap Overflow Sail
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2048 HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2047 HIGH PATCH This Week

Remote code execution in GIMP through heap buffer overflow during ICNS file parsing allows attackers to execute arbitrary code when a user opens a malicious image file. The vulnerability stems from insufficient validation of user-supplied data lengths before copying to heap memory, requiring only user interaction to trigger. A patch is available for affected installations.

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-2045 HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-2034 HIGH This Week

Remote code execution in Sante DICOM Viewer Pro via buffer overflow when parsing malicious DCM files allows attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient validation of user-supplied data length before copying to a buffer, requiring user interaction such as opening a malicious file or visiting a compromised page. No patch is currently available for this high-severity flaw.

RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2019-25437 MEDIUM POC This Month

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25435 HIGH POC This Week

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. [CVSS 7.8 HIGH]

Buffer Overflow Stack Overflow Deviceviewer
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2019-25434 MEDIUM POC This Month

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. [CVSS 7.5 HIGH]

Denial Of Service Spotauditor Buffer Overflow Stack Overflow
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-2858 LOW Monitor

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-0797 HIGH PATCH This Week

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious ICO image file or visiting a page that delivers one. The flaw is a heap-based buffer overflow in the ICO file parser caused by missing length validation before a copy operation, and it executes code in the context of the GIMP process. No public exploit has been identified at time of analysis, and EPSS estimates exploitation probability at just 0.06% (19th percentile), consistent with a user-interaction-gated client-side bug rather than mass-exploited infrastructure.

RCE Buffer Overflow Heap Overflow Gimp
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2857 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2856 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2855 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2854 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2853 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26967 MEDIUM PATCH This Month

PJSIP versions 2.16 and below contain a heap buffer overflow in the H.264 video unpacketizer that fails to properly validate NAL unit size fields in malformed SRTP packets, allowing remote attackers to trigger memory corruption on systems receiving H.264 video streams. The vulnerability has a CVSS score of 5.3 and enables information disclosure through heap memory access. A patch is available for affected deployments.

Github Buffer Overflow Heap Overflow Pjsip Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2738 Monitor

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet

Buffer Overflow Denial Of Service
NVD
EPSS
0.0%
CVE-2026-26200 HIGH POC PATCH This Week

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

RCE Buffer Overflow Heap Overflow Hdf5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69674 MEDIUM This Month

Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules [CVSS 6.4 MEDIUM]

Buffer Overflow
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2705 PyPI LOW POC PATCH GHSA Monitor

Out-of-bounds memory reads in Open Babel's MOL2 file handler (via OBAtom::SetFormalCharge function) allow remote attackers to trigger denial of service through malicious molecule files. Public exploit code is available for this vulnerability, which remains unpatched as of the advisory date. Versions up to 3.1.1 are affected.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2704 PyPI LOW POC PATCH GHSA Monitor

Out-of-bounds read in Open Babel's CIF file handler (versions up to 3.1.1) allows remote denial of service when processing malicious files. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can trigger a crash by sending specially crafted input to the affected transform3d function without requiring authentication or user interaction beyond opening a file.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2650 HIGH PATCH This Week

Google Chrome versions before 145.0.7632.109 contain a heap buffer overflow in the Media component that can be triggered by a remote attacker through a specially crafted HTML page, potentially leading to heap corruption and arbitrary code execution. The vulnerability requires user interaction to exploit and affects all Chrome users who encounter a malicious webpage. No patch is currently available for this high-severity issue.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2648 HIGH PATCH This Week

Google Chrome's PDFium library contains a heap buffer overflow vulnerability that enables remote attackers to execute arbitrary code or corrupt memory by opening specially crafted PDF files, affecting all users without requiring authentication or special user interaction. The vulnerability impacts Chrome versions prior to 145.0.7632.109 with a high CVSS score of 8.8, though no patch is currently available. An attacker can exploit this to achieve complete compromise of the affected system including confidentiality, integrity, and availability of data.

Buffer Overflow Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2019-25365 CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25364 CRITICAL POC Act Now

Buffer overflow in MailCarrier 2.51 POP3 server via USER command allows remote attackers to execute arbitrary code. Network-exploitable without authentication. PoC available.

Buffer Overflow Mailcarrier
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-25363 HIGH POC This Week

Wmv To Avi Mpeg Dvd Wmv Convertor versions up to 4.6.1217 is affected by stack-based buffer overflow (CVSS 7.5).

Buffer Overflow Denial Of Service Wmv To Avi Mpeg Dvd Wmv Convertor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2019-25362 CRITICAL POC Act Now

Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.

DNS Buffer Overflow Stack Overflow Wmv To Avi Mpeg Dvd Wmv Convertor
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2019-25361 CRITICAL POC Act Now

Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape via Telemetry component in Firefox external software before 148. CVSS 10.0 — fourth sandbox escape in this release, through the telemetry subsystem.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Firefox Audio/Video component before 148. Overflow in media processing leads to incorrect memory allocations.

Integer Overflow Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Boundary error in Firefox Web Audio component before 148. Crafted audio processing triggers memory corruption.

Buffer Overflow Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Undefined behavior in Firefox DOM Core & HTML component before 148. Can lead to memory corruption and potential code execution.

Buffer Overflow Mozilla Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Firefox JavaScript Standard Library before 148 leads to memory corruption through crafted JavaScript operations.

Integer Overflow Mozilla Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenEXR versions 3.3.0-3.3.6 and 3.4.0-3.4.4 are vulnerable to a heap buffer overflow in file parsing due to improper integer handling when processing malformed EXR files, allowing attackers to trigger a denial of service through memory-mapped streams. Public exploit code exists for this vulnerability. Patched versions 3.3.7 and 3.4.5 are available.

Buffer Overflow Openexr Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Buffer Overflow Denial Of Service Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to a heap buffer overflow in the YUV image decoder that allows remote attackers to trigger a denial of service condition by processing specially crafted YUV 4:2:2 images. The vulnerability stems from an off-by-one write error in the pixel processing loop that exceeds allocated buffer boundaries. No patch is currently available for affected installations.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory and potentially execute arbitrary code by supplying an MSL document with an oversized attribute value processed by msl.c. All ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected, as well as Magick.NET bindings below 14.10.3. No public exploit identified at time of analysis and EPSS is very low (0.06%, 17th percentile), but the CVSS 9.8 reflects the worst-case unauthenticated RCE potential against any service that parses attacker-controlled MSL input.

Buffer Overflow Imagemagick Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.

Imagemagick Buffer Overflow Heap Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.

Buffer Overflow Imagemagick Magick.Net +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.

Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Amf
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. [CVSS 7.5 HIGH]

Buffer Overflow Heap Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Valkey clusterbus port processing allows network-adjacent attackers to crash affected systems by sending specially crafted packets that bypass buffer validation checks. This vulnerability affects Valkey versions prior to 9.0.2, 8.1.6, 8.0.7, and 7.2.12, impacting any deployment exposing the clusterbus port to untrusted networks. Patches are available and administrators should restrict clusterbus access with network ACLs as an immediate mitigation.

Valkey Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]

Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve full system compromise through a buffer overflow in the P2P limit configuration function. The vulnerability exists due to unsafe use of strcpy() in the /goform/formP2PLimitConfig endpoint and is exploitable over the network with public exploit code currently available. No patch has been released, making this a critical risk for deployed devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve code execution by supplying an oversized GroupName parameter to the /goform/formPolicyRouteConf endpoint. Public exploit code exists for this vulnerability and no patch is currently available.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. [CVSS 7.2 HIGH]

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Fh1203 Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to execute arbitrary code by exploiting a buffer overflow in the /goform/formTaskEdit_ap endpoint. An attacker can trigger the vulnerability by crafting a malicious txtMin2 parameter that overflows the strcpy function, and public exploit code exists for this flaw. No patch is currently available for affected devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to execute arbitrary code through the passwd1 parameter in the /goform/setSysAdm function. Public exploit code exists for this vulnerability and no patch is currently available. An authenticated attacker can leverage this flaw to achieve complete system compromise with high impact on confidentiality, integrity, and availability.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds write in the URL handler of Zaher1307's tiny_web_server allows remote attackers to achieve code execution, information disclosure, or denial of service without authentication. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Users of tiny_web_server should implement network segmentation or disable this service until a fix becomes available.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overflow a buffer via the remark parameter in the /goform/ConfigExceptMSN endpoint. Public exploit code is available and no patch has been released, creating immediate risk for exposed devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 1.1
LOW POC PATCH Monitor

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. [CVSS 2.5 LOW]

Buffer Overflow Libvips
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code execution through crafted requests to the /goform/GstDhcpSetSer endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all affected devices at risk.

Buffer Overflow Fh451 Firmware
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achieve code execution through the /boaform/formPing6 endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries high severity with complete compromise potential across confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attackers to achieve code execution by supplying a malicious pingAddr parameter. The vulnerability exists in the /boaform/formPing component and is exploitable over the network with low complexity. Public exploit code exists and no patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid credentials to achieve complete system compromise through manipulation of the Ethtype parameter. Public exploit code exists for this vulnerability, creating immediate risk in deployed environments. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to achieve arbitrary code execution through a malicious SSID parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects the /boaform/formWlanSetup component and currently has no available patch.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G firmware's /goform/ConfigExceptAli endpoint via unsafe string handling. Public exploit code is available for this vulnerability, increasing exploitation risk for unpatched devices. The flaw requires only network access and affects firmware version 1.7.7-171114 with no patch currently available.

Buffer Overflow 810g Firmware
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was detected in CCExtractor versions up to 0.96.5. is affected by buffer overflow (CVSS 3.3).

Buffer Overflow Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. No patch is currently available.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware allows remote authenticated attackers to achieve complete system compromise through crafted input to the IPv6 setup function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution through a malformed submit-url parameter in the WAN interface configuration handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this to gain complete system compromise.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the submit-url parameter in the /boafrm/formIpQoS function. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for affected deployments.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the /boafrm/formDosCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires low complexity with no user interaction, affecting device confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through stack-based buffer overflow in the Advanced Firewall Configuration endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the /boafrm/formFirewallAdv component where improper input validation on the submit-url parameter enables stack overflow attacks. Public exploit code is available and no patch has been released.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Stack-based buffer overflow in Tenda A18 firmware versions up to 15.13.07.13 allows remote attackers with low privileges to achieve code execution through the wpapsk_crypto5g parameter in the /goform/WifiExtraSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the combination of remote exploitability and complete system compromise potential.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Stack overflow in Tenda A18 firmware version 15.13.07.13 allows remote attackers with low privileges to achieve complete system compromise through a malformed deviceList parameter in the /goform/setBlackRule endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for affected devices.

Buffer Overflow Stack Overflow A18 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting both the A21 firmware and Stack Overflow products.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete system compromise through malicious input to the schedStartTime/schedEndTime parameters in the openSchedWifi function. Public exploit code exists for this vulnerability, and no patch is currently available. This affects confidentiality, integrity, and availability with high severity (CVSS 8.8).

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

DNS Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.

Buffer Overflow Stack Overflow A21 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. [CVSS 3.3 LOW]

Buffer Overflow Janet
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

The SAIL image library contains a heap buffer overflow in its XWD file parser that fails to validate the bytes_per_line value read from untrusted files, allowing attackers to trigger out-of-bounds memory writes during image processing. Public exploit code exists for this vulnerability affecting all versions of SAIL. No patch is currently available, leaving users of this cross-platform image loading library exposed to potential code execution or denial of service attacks.

Buffer Overflow Heap Overflow Sail
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

GIMP is vulnerable to out-of-bounds memory write during XWD file parsing due to insufficient input validation, enabling arbitrary code execution when a user opens a malicious image file. This high-severity vulnerability (CVSS 7.8) affects local attackers who can craft specially crafted XWD files to corrupt memory and execute code with the privileges of the GIMP process. No patch is currently available.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Remote code execution in GIMP through heap buffer overflow during ICNS file parsing allows attackers to execute arbitrary code when a user opens a malicious image file. The vulnerability stems from insufficient validation of user-supplied data lengths before copying to heap memory, requiring only user interaction to trigger. A patch is available for affected installations.

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Remote code execution in Sante DICOM Viewer Pro via buffer overflow when parsing malicious DCM files allows attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient validation of user-supplied data length before copying to a buffer, requiring user interaction such as opening a malicious file or visiting a compromised page. No patch is currently available for this high-severity flaw.

RCE Buffer Overflow Dicom Viewer Pro
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. [CVSS 7.8 HIGH]

Buffer Overflow Stack Overflow Deviceviewer
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM POC This Month

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. [CVSS 7.5 HIGH]

Denial Of Service Spotauditor Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 1.9
LOW Monitor

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious ICO image file or visiting a page that delivers one. The flaw is a heap-based buffer overflow in the ICO file parser caused by missing length validation before a copy operation, and it executes code in the context of the GIMP process. No public exploit has been identified at time of analysis, and EPSS estimates exploitation probability at just 0.06% (19th percentile), consistent with a user-interaction-gated client-side bug rather than mass-exploited infrastructure.

RCE Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve complete system compromise through the Port Forwarding Configuration endpoint. The vulnerability exists in the submit-url parameter processing and has public exploit code available. Affected devices are remotely exploitable by authenticated users with no user interaction required.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware 1.01.07 Filter Configuration endpoint allows authenticated remote attackers to achieve full system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but executes with no user interaction needed.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware's DDNS settings handler allows authenticated remote attackers to achieve complete system compromise through a malicious submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.01.07 and can be exploited without user interaction.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 NTP configuration endpoint allows remote authenticated attackers to achieve complete system compromise through manipulation of the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries a high severity rating with CVSS score of 8.8 due to potential for remote code execution with minimal attack complexity.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve full system compromise through manipulation of the submit-url parameter in the System Log Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger this flaw to execute arbitrary code with complete control over confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

PJSIP versions 2.16 and below contain a heap buffer overflow in the H.264 video unpacketizer that fails to properly validate NAL unit size fields in malformed SRTP packets, allowing remote attackers to trigger memory corruption on systems receiving H.264 video streams. The vulnerability has a CVSS score of 5.3 and enables information disclosure through heap memory access. A patch is available for affected deployments.

Github Buffer Overflow Heap Overflow +2
NVD GitHub
EPSS 0%
Monitor

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet

Buffer Overflow Denial Of Service
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Heap buffer overflow in HDF5 versions prior to 1.14.4-2 allows attackers to trigger denial-of-service or potentially achieve code execution by crafting malicious h5 files. The vulnerability affects any system parsing untrusted HDF5 data files and has public exploit code available. A patch is not yet available, leaving affected deployments at risk.

RCE Buffer Overflow Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules [CVSS 6.4 MEDIUM]

Buffer Overflow
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Out-of-bounds memory reads in Open Babel's MOL2 file handler (via OBAtom::SetFormalCharge function) allow remote attackers to trigger denial of service through malicious molecule files. Public exploit code is available for this vulnerability, which remains unpatched as of the advisory date. Versions up to 3.1.1 are affected.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Out-of-bounds read in Open Babel's CIF file handler (versions up to 3.1.1) allows remote denial of service when processing malicious files. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can trigger a crash by sending specially crafted input to the affected transform3d function without requiring authentication or user interaction beyond opening a file.

Buffer Overflow Open Babel Babel
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions before 145.0.7632.109 contain a heap buffer overflow in the Media component that can be triggered by a remote attacker through a specially crafted HTML page, potentially leading to heap corruption and arbitrary code execution. The vulnerability requires user interaction to exploit and affects all Chrome users who encounter a malicious webpage. No patch is currently available for this high-severity issue.

Google Buffer Overflow Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome's PDFium library contains a heap buffer overflow vulnerability that enables remote attackers to execute arbitrary code or corrupt memory by opening specially crafted PDF files, affecting all users without requiring authentication or special user interaction. The vulnerability impacts Chrome versions prior to 145.0.7632.109 with a high CVSS score of 8.8, though no patch is currently available. An attacker can exploit this to achieve complete compromise of the affected system including confidentiality, integrity, and availability of data.

Buffer Overflow Chrome Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in ChaosPro 2.0 fractal generator via configuration file path handling allows code execution through crafted configuration files. PoC available.

Windows RCE Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in MailCarrier 2.51 POP3 server via USER command allows remote attackers to execute arbitrary code. Network-exploitable without authentication. PoC available.

Buffer Overflow Mailcarrier
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Wmv To Avi Mpeg Dvd Wmv Convertor versions up to 4.6.1217 is affected by stack-based buffer overflow (CVSS 7.5).

Buffer Overflow Denial Of Service Wmv To Avi Mpeg Dvd Wmv Convertor
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.

DNS Buffer Overflow Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
Prev Page 41 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy