Skip to main content

Stack Overflow

2220 CVEs technique

Monthly

CVE-2026-12222 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows authenticated adjacent-network attackers to corrupt memory via the BlueToothTest handler exposed by the Web FastCGI service. Supplying crafted btMac, pin, or reserved parameters to /api/inner/bttest triggers the overflow inside mod_webd.BlueToothTest, with publicly available exploit code exists demonstrating an off-by-one write. The flaw is reachable from the LAN rather than the public internet, but the vendor has not responded to disclosure and no patched firmware has been published.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12221 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low privileges to corrupt memory via crafted uid or start_offset parameters sent to the /api/upgrade/upgrade firmware chunk upload endpoint. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices without an official patch. CVSS 4.0 rates this 8.6 (High) with proof-of-concept maturity (E:P).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12220 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low-privilege credentials to corrupt memory via the uid parameter of the /api/upgrade/accupgradebychunk firmware chunk upload endpoint. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, raising the practical risk despite the adjacent-only attack vector. No public exploit identified as actively exploited in the wild (not on CISA KEV).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12218 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.87.50.1) allows adjacent-network attackers with low-privileged access to corrupt memory via the port argument processed by the StartReportInformation function in the /api/inner/beforewifitest endpoint of the Web FastCGI Service. Publicly available exploit code exists, and the vendor was notified without response, leaving deployed devices unmitigated. No public exploit identified as active in-the-wild campaigns, but exploitation is feasible given the released PoC.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12200 MEDIUM POC This Month

Stack-based buffer overflow in Ritlabs TinyWeb Server 1.94 and earlier on Win32 allows remote unauthenticated attackers to crash the server or potentially execute arbitrary code by sending a specially crafted HTTP Authorization header, triggering a memory corruption condition in the libeay32.dll component's Header Handler. A public proof-of-concept exploit has been disclosed at nathan2.com/posts/tinyweb/, and the vendor has not responded to responsible disclosure notifications, leaving all known versions unpatched. No active exploitation has been confirmed in CISA KEV, though the combination of a public POC, network-reachable attack surface, and no patch represents a meaningful risk for any deployment of this software.

Stack Overflow Buffer Overflow Tinyweb Server
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-55660 MEDIUM This Month

Stack-based buffer overflow in GPAC's MP4Box tool crashes the process when parsing a crafted MP4 file containing a malformed non-self-delimited Opus packet. The function gf_opus_read_length() in media_tools/av_parsers.c performs a 2-byte out-of-bounds write into a stack-allocated pckh structure at offset 568, confirmed by AddressSanitizer at line 11140. No active exploitation is confirmed in CISA KEV, but a public proof-of-concept MP4 file is available from the reporter, and the CVSS vector (PR:N, UI:R) indicates any user or automated pipeline invoking MP4Box on untrusted Opus-bearing MP4 files is at risk of a process crash.

Denial Of Service Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-7019 MEDIUM PATCH This Month

Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Office Open XML (OOXML) file, causing a Denial-of-Service condition. The flaw affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - all products that consume the same Gen Digital VPS (virus definition) update stream. No active exploitation or public exploit code has been identified at time of analysis; the impact is limited to availability (AV process crash) with no confidentiality or integrity consequences.

Microsoft Stack Overflow Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-49759 HIGH PATCH This Week

Denial of service in Erlang/OTP erts (inet_drv SCTP handler) lets unauthenticated remote attackers crash the BEAM VM by sending a single crafted SCTP ERROR chunk to a listening SCTP port. The flaw is a stack-based buffer overflow (CWE-121) in sctp_parse_error_chunk, with the publicly disclosed advisory from the Erlang Ecosystem Foundation (EEF) and an upstream commit confirming the fix; no public exploit identified at time of analysis, and the overflow only permits writing 16-bit values interleaved with a fixed tag, limiting impact to DoS plus minor memory disclosure.

Denial Of Service Buffer Overflow Stack Overflow Otp
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-49760 MEDIUM PATCH This Month

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding Erlang terms containing very large integers, causing Denial of Service. Affected OTP releases span from 17.0 through unfixed branches of 27.x, 28.x, and 29.x, making this a wide-ranging availability risk for C-language nodes that interface with the Erlang runtime. Because overflow bytes are constrained exclusively to ASCII hex digits (0-9, A-F), arbitrary code execution is not feasible - confirmed impact is process crash only. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog.

Denial Of Service Buffer Overflow Stack Overflow Otp Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-26241 MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 enables remote unauthenticated attackers to corrupt memory or destabilize processes through a network-accessible attack path requiring only passive user interaction. Affected versions are all releases prior to 5.5.6.5243; QNAP's own security team (security@qnapsecurity.com.tw) discovered and disclosed the issue via advisory QSA-26-27. No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the unauthenticated network attack vector lowers the bar for opportunistic targeting of QNAP NAS deployments.

Stack Overflow Buffer Overflow File Station
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-26240 MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 allows unauthenticated remote attackers to corrupt process memory or crash the file management service when a victim user passively interacts with a crafted input. Affected versions are all File Station 5 releases prior to 5.5.6.5243, running on QNAP NAS devices accessible over the network. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; QNAP has confirmed and released a fix in version 5.5.6.5243 via advisory QSA-26-32.

Stack Overflow Buffer Overflow File Station
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-26239 HIGH PATCH This Week

Stack-based buffer overflow in QNAP File Station 5 versions 5.5.0 through 5.5.6.5208 allows authenticated remote attackers to corrupt memory and crash processes on affected NAS deployments. CVSS 4.0 score of 8.7 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow File Station 5
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-44634 HIGH This Week

Stack-based buffer overflows in SimpleBLE prior to version 0.14.0 allow remote attackers within Bluetooth range to crash applications by transmitting crafted BLE advertisements containing oversized manufacturer-specific data or service data, requiring no pairing or connection. A separate local overflow exists in the dongl backend's Protocol::simpleble_write function via caller-controlled input. No public exploit identified at time of analysis, but the patch diff and acknowledgement to researcher Mr-IoT confirm three tracked issues (EVE-2026-001/002/003).

Stack Overflow Buffer Overflow Simpleble
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-47959 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs via a stack-based buffer overflow triggered when a victim opens a malicious PDF. Successful exploitation runs attacker code in the context of the current user, making this a viable initial-access vector through phishing or drive-by document delivery. No public exploit identified at time of analysis, but the bug class (CWE-121) and Acrobat's broad install base historically attract weaponization quickly after disclosure.

Adobe Stack Overflow Buffer Overflow RCE Acrobat Reader
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34708 HIGH This Week

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.

Stack Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34695 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document, triggering a stack-based buffer overflow (CWE-121) that runs attacker code in the context of the current user. Adobe issued advisory APSB26-58 for this issue; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34697 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a victim opens a malicious document file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The issue was reported by Adobe and addressed in security bulletin APSB26-58.

Stack Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34702 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a user opens a malicious document. Successful exploitation runs attacker-controlled code in the context of the current user, but requires social engineering since the attack vector is local and user interaction is mandatory. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45648 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Active Directory Domain Services allows an authenticated network attacker to trigger a stack-based buffer overflow (CWE-121) and execute arbitrary code on the targeted domain controller. With CVSS 8.8 (AV:N/AC:L/PR:L/UI:N) and high impact across confidentiality, integrity, and availability, successful exploitation could enable full domain compromise. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45463 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction, yielding full confidentiality, integrity, and availability impact on the host. The flaw is rated 8.4 (CVSS:3.1) and was disclosed by Microsoft's Security Response Center, but no public exploit has been identified at the time of analysis. Despite the CWE-121 tagging as a stack overflow, the description and CWE-122 class indicate the corruption occurs on the heap, so defenders should treat this as a memory-corruption RCE-class issue requiring prompt patching.

Microsoft Stack Overflow Buffer Overflow 365 Apps 365 Copilot +5
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-44815 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Windows DHCP Client is possible when a stack-based buffer overflow (CWE-121) is triggered by a crafted DHCP server response, allowing an unauthorized network attacker to run arbitrary code with no user interaction. The flaw carries a CVSS 9.8 critical rating reflecting network reachability, low complexity, and full impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because the DHCP client runs early in the network stack on virtually every Windows host, successful exploitation grants attacker-controlled code execution in a highly privileged context.

Microsoft Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0413 MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow Rbe37X Rbe77X +12
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-11793 MEDIUM This Month

Stack buffer overflow in 389 Directory Server's pw.c checkPrefix() function allows a network-accessible Directory Manager to crash the LDAP server by storing a crafted credential with an oversized algorithm ID. The vulnerable code copies attacker-controlled input into a fixed 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. FORTIFY_SOURCE compiler hardening constrains impact to denial of service - preventing arbitrary code execution - but service disruption against a critical authentication infrastructure component remains operationally significant. No public exploit identified at time of analysis.

Denial Of Service Stack Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 +6
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-62858 MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow Qts Quts Hero
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-27671 CRITICAL NEWS Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36821 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, though a research write-up referencing the vulnerable function exists in a public GitHub repository. The combination of network-reachable attack surface, no authentication requirement, and low complexity makes opportunistic abuse against exposed admin interfaces realistic.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36820 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36822 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request containing an oversized macAddr parameter to the formDelStaState handler. The flaw is a stack-based buffer overflow with high availability impact and no confidentiality/integrity loss per CVSS, and no public exploit identified at time of analysis beyond a research repository on GitHub.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36823 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. No public exploit identified at time of analysis, though a researcher-published proof-of-concept repository on GitHub documents the issue. EPSS and KEV data are not provided, but the network-reachable, no-auth, no-interaction CVSS vector makes this a credible risk for any exposed management interface.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36784 HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36793 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52292 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36806 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36791 HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36792 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36813 HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36805 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36779 HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36794 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36772 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36819 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36798 MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36770 HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36783 HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36771 HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36778 MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-36773 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36777 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9669 HIGH PATCH This Week

Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sending crafted bzip2 data when the application reuses the decompressor object after catching a prior OSError. The flaw stems from libbz2's internal state being left inconsistent after a decompression error, and reuse causes out-of-bounds writes to a stack buffer. No public exploit identified at time of analysis and the issue is not in CISA KEV; the practical impact is denial of service against Python services that process untrusted bzip2 streams.

Stack Overflow Buffer Overflow Cpython
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-11557 HIGH POC This Week

Stack-based buffer overflow in the Tenda F451 router (firmware 1.0.0.7 and 1.0.0.9) Web Management Interface allows remote authenticated attackers to corrupt memory by sending a crafted 'page' argument to the fromNatlimit handler at /goform/Natlimit. Publicly available exploit code exists, raising practical risk for exposed or LAN-reachable devices, though no public exploit identified as actively used in CISA KEV at time of analysis.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11553 HIGH POC This Week

Stack-based buffer overflow in Tenda HG7, HG9, and HG10 XPON ONT routers (firmware 300001138_en_xpon) allows authenticated remote attackers to corrupt memory via the encodename parameter of the formPPPEdit handler at /boaform/formPPPEdit. Publicly available exploit code exists (hosted on GitHub by researcher xiezhihua-1127), elevating practical risk despite no confirmed active exploitation in CISA KEV. Successful exploitation yields high impact to confidentiality, integrity, and availability on the affected device.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11528 HIGH POC This Week

Stack-based buffer overflow in the Tenda AC18 router (firmware 15.03.05.05) Web Management Interface allows remote attackers with low privileges to corrupt memory by manipulating the callback argument sent to /goform/getRebootStatus. The flaw, handled by the sub_45304 function, has publicly available exploit code and enables high impact to confidentiality, integrity, and availability of the device. No public exploit identified as actively exploited in CISA KEV, but POC publication raises the risk of opportunistic attacks against exposed management interfaces.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11524 HIGH POC This Week

Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corrupt memory via the wifiFilterListRemark parameter of the /goform/modifyWifiFilterRules endpoint in the Web Management Interface. Publicly available exploit code exists per VulDB disclosure, raising the practical risk for exposed management interfaces, though no public exploit identified at time of analysis confirms active in-the-wild exploitation. CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privileges required.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11523 HIGH POC This Week

Stack-based buffer overflow in Tenda W20E firmware 15.11.0.6 allows authenticated remote attackers to corrupt memory via the gotoUrl parameter handled by the formPortalAuth function in /goform/PortalAuth of the Web Management Interface. Publicly available exploit code exists, raising the likelihood of opportunistic targeting of internet-exposed router management interfaces, though no public exploit identified as actively exploited per CISA KEV at time of analysis.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11522 HIGH POC This Week

Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corrupt memory via the portMirrorMirroredPorts parameter handled by formSetPortMirror in /goform/setPortMirror. Publicly available exploit code exists, raising the practical risk for exposed management interfaces, though no CISA KEV listing or EPSS data is provided to confirm widespread exploitation. The flaw enables high impact on confidentiality, integrity, and availability of the device per the CVSS 4.0 vector.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11504 HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L 16.03.53.12 routers allows remote attackers with low privileges to corrupt memory via the setSchedWifi function in /goform/openSchedWifi by manipulating the schedStartTime or schedEndTime parameters. Publicly available exploit code exists per VulDB, raising the practical risk despite the vulnerability not yet being listed in CISA KEV. The flaw impacts the Wi-Fi Schedule Configuration Endpoint and can lead to high confidentiality, integrity, and availability impact on the device.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11503 HIGH POC This Week

Stack-based buffer overflow in the Tenda CX12L router (firmware 16.03.53.12) allows authenticated remote attackers to corrupt memory via the ssid parameter of the /goform/fast_setting_wifi_set endpoint, handled by the form_fast_setting_wifi_set function. Publicly available exploit code exists per VulDB disclosure, raising the likelihood of opportunistic exploitation against exposed management interfaces. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact bounded by a low-privilege requirement.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-11499 CRITICAL Act Now

Stack-based buffer overflow in Tenda HG7HG9 and HG10 routers (firmware 300001138_en_xpon) allows remote attackers to corrupt memory via the blkDomain parameter in the formDOMAINBLK handler at /boaform/formDOMAINBLK. The CVSS 4.0 score of 9.3 reflects network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability, and a public proof-of-concept repository has been published on GitHub by researcher ssaaaa1234, though no public exploit has been confirmed as active exploitation.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-11498 HIGH This Week

Stack-based buffer overflow in Tenda HG7, HG9, and HG10 ONT/router devices (firmware 300001138_en_xpon) allows authenticated remote attackers to corrupt memory by manipulating the funckey_transfer parameter sent to the /boaform/voip_other_set endpoint handled by the asp_voip_OtherSet function. Publicly available exploit code exists via a dedicated GitHub proof-of-concept repository, and the flaw scores CVSS 4.0 8.7 with full confidentiality, integrity, and availability impact. No public exploit identified in CISA KEV at time of analysis, but exposure of the Web Management Interface to untrusted networks materially raises real-world risk.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-36789 HIGH This Week

Denial of service in Tenda AC1206 routers (firmware v15.03.06.23) is triggered by stack-based buffer overflows in the fromGstDhcpSetSer function reachable through the username and password parameters of a crafted HTTP request. Remote attackers with network reach to the device's web management interface can crash the service without authentication, and no public exploit identified at time of analysis although proof-of-concept research material is hosted on GitHub.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36786 HIGH This Week

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-11413 HIGH POC This Week

Stack-based buffer overflow in JingDong JD Cloud Box AX6600 firmware 4.5.3.r4546 allows authenticated remote attackers to corrupt memory via the set_macfilter function in /sbin/jdcweb_rpc, potentially achieving arbitrary code execution on the router. Publicly available exploit code exists (archive hosted on cdn2.v50to.cc), increasing the likelihood of opportunistic abuse against exposed devices. The vendor did not respond to coordinated disclosure, so no fix is currently confirmed.

Stack Overflow Buffer Overflow Jd Cloud Box Ax6600
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6240 MEDIUM PATCH This Month

Stack-based buffer overflow in TP-Link Tapo C520WS v2 allows an authenticated attacker with adjacent network access to crash the device's ONVIF service by submitting a crafted DeleteUsers request containing an excessive number of user identifiers, causing a denial-of-service condition that disrupts camera management and monitoring functionality. The CVSS:4.0 vector (VC:N/VI:N/VA:H) confirms impact is strictly limited to availability - no confidentiality or integrity compromise is achievable. No public exploit identified at time of analysis and no active exploitation has been confirmed.

Stack Overflow Buffer Overflow Tapo C520Ws V2
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-6239 MEDIUM PATCH This Month

Stack-based buffer overflow in the ONVIF CreateUsers service of the TP-Link Tapo C520WS v2 IP camera allows an authenticated, adjacent-network attacker to crash the ONVIF management process by sending a crafted request with an excessive number of XML user nodes. Exploitation results in a denial-of-service condition that disrupts ONVIF-based device configuration and management until the service recovers or the device is rebooted. No public exploit code or CISA KEV listing has been identified at time of analysis; the vendor (TP-Link) has released a firmware patch.

Stack Overflow Buffer Overflow Tapo C520Ws V2
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-50258 HIGH This Week

Local privilege escalation in X.Org X server and Xwayland stems from an incomplete fix for CVE-2025-26597, where CheckKeyTypes() fails to clamp non-canonical key types to XkbMaxShiftLevel, enabling stack-based buffer overflows. Authenticated local users on Red Hat Enterprise Linux 6 through 10 can crash the display server or, when X runs as root, escalate to root privileges. No public exploit identified at time of analysis, though the upstream commit reveals the vulnerable code path and the prior CVE-2025-26597 has known exploitation history.

Canonical Stack Overflow Buffer Overflow Privilege Escalation Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-50259 HIGH This Week

Stack-based buffer overflow in X.Org X server and Xwayland's _XkbSetMapChecks() function allows local authenticated attackers to crash the server or potentially escalate privileges to root when the X server runs with elevated privileges. The flaw resides in CheckKeyTypes() writing to a fixed mapWidths[256] stack buffer at a client-controlled offset, affecting Red Hat Enterprise Linux versions 6 through 10. No public exploit identified at time of analysis, but an upstream fix has been merged into the xserver repository.

Stack Overflow Buffer Overflow Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-50256 HIGH This Week

Local privilege escalation in the X.Org X server and Xwayland stems from a stack-based buffer overflow during font alias resolution, where a 256-byte server-side stack buffer is overrun by libXfont2 alias target names of up to 1023 bytes. An authenticated local attacker who can influence font alias files can crash the server or, when the X server runs as root, escalate to root privileges. No public exploit is identified at time of analysis and CVSS is 7.8 (Local/Low complexity/Low privileges).

Stack Overflow Buffer Overflow Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-36785 HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-11024 HIGH PATCH This Week

Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.

Google Stack Overflow Buffer Overflow Chrome Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10898 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to potentially break out of the sandbox via a stack buffer overflow in the GPU component triggered by a crafted HTML page. Chromium rates this as Critical severity, and while no public exploit has been identified at time of analysis, the vendor has released a patched stable channel build addressing the issue.

Google Stack Overflow Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-47318 MEDIUM This Month

Stack-based buffer overflow in Samsung Open Source rlottie's FreeType-derived cubic Bezier rasterizer allows a local attacker, via a crafted Lottie animation file, to crash the embedding application or potentially corrupt stack memory. The vulnerable code in `gray_render_cubic` (`src/vector/freetype/v_ft_raster.cpp`) subdivides Bezier curves onto a fixed-size `bez_stack` (capacity 32×3+1 vectors) without a depth guard, so a pathologically complex curve exhausts the buffer. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Stack Overflow Samsung Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-35085 HIGH This Week

Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows authenticated remote attackers to corrupt stack memory in the gdv-serverconfig service and seize full system control. The flaw, reported by CERT@VDE and tracked as CVE-2026-35085 with a CVSS 4.0 score of 8.7 (High), affects multiple fieldbus variants (Profibus, Profinet, KNX, LON, DALI, M-Bus, CAN, X-Link). No public exploit identified at time of analysis, and EPSS data was not supplied for this advisory.

Buffer Overflow Stack Overflow Single A Double A Profibus Double A X Link +15
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35084 HIGH This Week

Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A, Single-X, and the Double-A/Double-X family (Profibus, X-Link, CAN, DALI, KNX, LON, M-Bus, Profinet). A remote attacker holding low-level user credentials can exploit the flaw to gain full system access, with CVSS 4.0 scoring it 8.7 (High). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow Single A Double A Profibus Double A X Link +15
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35083 HIGH This Week

Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines covering Profibus, Profinet, KNX, DALI, LON, M-Bus, CAN, and X-Link variants) is achievable by an authenticated remote user via a stack buffer overflow. The CVSS 4.0 base score of 8.7 reflects network-reachable exploitation with low complexity and only user-level privileges required, leading to full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue was coordinated through CERT@VDE (advisory VDE-2026-039), indicating responsible disclosure rather than in-the-wild abuse.

Buffer Overflow Stack Overflow Single A Double A Profibus Double A X Link +15
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-50031 HIGH PATCH This Week

Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending malformed IPMI response messages that trigger stack-based buffer overflows in the 'dell get-active-directory-config' and 'fujitsu get-sel-entry-long-text' subcommands. The flaw is client-side: a victim must invoke the affected subcommand against an attacker-controlled or compromised IPMI endpoint. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Dell Stack Overflow Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-49943 MEDIUM This Month

Stack-based buffer overflow in CZ.NIC BIRD Internet Routing Daemon through 2.19.0 allows an established BGP peer to crash the daemon by sending a crafted AS_PATH exceeding 2048 expanded ASNs when RFC 8654 Extended Messages are enabled and an AS path mask filter is active. The as_path_match() function in nest/a-path.c uses a fixed 2049-entry stack array while parse_path() expands AS_PATH segments without enforcing a corresponding capacity limit, causing a write beyond the stack buffer boundary and a daemon crash. No public exploit identified at time of analysis; notably, the vendor has explicitly declined to prioritize a fix, instead citing operator best-practice filtering as the expected mitigation.

Buffer Overflow Stack Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-1871 HIGH PATCH This Week

Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.

Buffer Overflow TP-Link Denial Of Service Stack Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-35717 MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 network camera firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root by sending a crafted POST request to the export_language.cgi administrative endpoint. The CGI handler passes an attacker-controlled Content-Length HTTP header value directly to fread() with no bounds validation, overflowing a 0x60-byte stack buffer and overwriting the saved link register; the binary's lack of stack canaries eliminates the primary runtime defense against this class of attack. A researcher-published proof-of-concept exists on GitHub, though EPSS stands at 0.05% (17th percentile) and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation at time of analysis.

Buffer Overflow RCE Stack Overflow Fd8136 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-30649 HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-35716 MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-24085 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms stems from a stack-based memory corruption triggered while processing display command line information with an uninitialized variable. With CVSS 7.2 and a physical attack vector requiring high privileges, the flaw allows a privileged local attacker to corrupt memory and impact confidentiality, integrity, and availability across a changed security scope. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow Snapdragon
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-59613 MEDIUM This Month

Stack-based buffer overflow in Qualcomm Snapdragon corrupts memory during a data copy operation when the output buffer is sized smaller than the input buffer, enabling a high-privileged local attacker to achieve full compromise of confidentiality, integrity, and availability on affected devices. Rooted in CWE-121, this vulnerability can allow control-flow hijacking via stack memory overwrite on Snapdragon-based platforms. No public exploit identified at time of analysis and no CISA KEV listing, but the high-impact triad (C:H/I:H/A:H) warrants prompt patching in environments where privileged access is shared or contested.

Buffer Overflow Stack Overflow Snapdragon
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-59612 MEDIUM This Month

Stack-based buffer overflow in Qualcomm Snapdragon Windows drivers allows a locally authenticated high-privilege attacker to cause memory corruption by sending a malformed trusted application request. The vulnerability affects Snapdragon-based systems running Windows drivers and can result in complete compromise of confidentiality, integrity, and availability. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Microsoft Buffer Overflow Stack Overflow
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-10293 HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware up to 2.5.3-170306) allows authenticated remote attackers to corrupt memory via the Profile parameter in the /goform/formFireWall endpoint, where unsafe strcpy usage processes the input. Publicly available exploit code exists, increasing the realistic risk of attempted compromise against exposed management interfaces. No CISA KEV listing has been published, so exploitation is not yet confirmed active in the wild.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2018-25427 CRITICAL POC Act Now

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow RCE Buffer Overflow Arm Whois
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-10292 HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware versions up to 2.5.3-170306) allows remote authenticated attackers to corrupt memory via the strcpy function in the /goform/formTaskEdit endpoint. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges. No KEV listing or EPSS data is provided in the input, so widespread automated exploitation has not been confirmed.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-43623 HIGH POC Monitor

Stack-based buffer overflow in microtar through 0.1.0 allows remote attackers to corrupt stack memory and potentially achieve code execution when an application using the library parses a malicious TAR archive. The flaw in raw_to_header() uses strcpy() on non-null-terminated 100-byte ustar fields, enabling writes of up to 355 bytes into a 100-byte buffer. Publicly available exploit code exists and the issue was reported by VulnCheck, raising the practical risk despite no current CISA KEV listing.

Buffer Overflow Stack Overflow Microtar
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-43958 HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service Stack Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-10270 HIGH POC This Week

Stack-based buffer overflow in D-Link DI-7001 MINI routers (firmware up to 19.09.19A1) allows authenticated remote attackers to corrupt memory via the Time parameter passed to the sprintf function in /httpd_debug.asp. Publicly available exploit code exists on GitHub, and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privilege requirement and no user interaction. The vulnerability targets an embedded networking appliance commonly deployed at SMB and branch-office perimeters, increasing exposure risk where the management interface is reachable.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-0826 CRITICAL POC PATCH Act Now

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.2
EPSS
0.2%
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows authenticated adjacent-network attackers to corrupt memory via the BlueToothTest handler exposed by the Web FastCGI service. Supplying crafted btMac, pin, or reserved parameters to /api/inner/bttest triggers the overflow inside mod_webd.BlueToothTest, with publicly available exploit code exists demonstrating an off-by-one write. The flaw is reachable from the LAN rather than the public internet, but the vendor has not responded to disclosure and no patched firmware has been published.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low privileges to corrupt memory via crafted uid or start_offset parameters sent to the /api/upgrade/upgrade firmware chunk upload endpoint. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices without an official patch. CVSS 4.0 rates this 8.6 (High) with proof-of-concept maturity (E:P).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low-privilege credentials to corrupt memory via the uid parameter of the /api/upgrade/accupgradebychunk firmware chunk upload endpoint. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, raising the practical risk despite the adjacent-only attack vector. No public exploit identified as actively exploited in the wild (not on CISA KEV).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.87.50.1) allows adjacent-network attackers with low-privileged access to corrupt memory via the port argument processed by the StartReportInformation function in the /api/inner/beforewifitest endpoint of the Web FastCGI Service. Publicly available exploit code exists, and the vendor was notified without response, leaving deployed devices unmitigated. No public exploit identified as active in-the-wild campaigns, but exploitation is feasible given the released PoC.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Stack-based buffer overflow in Ritlabs TinyWeb Server 1.94 and earlier on Win32 allows remote unauthenticated attackers to crash the server or potentially execute arbitrary code by sending a specially crafted HTTP Authorization header, triggering a memory corruption condition in the libeay32.dll component's Header Handler. A public proof-of-concept exploit has been disclosed at nathan2.com/posts/tinyweb/, and the vendor has not responded to responsible disclosure notifications, leaving all known versions unpatched. No active exploitation has been confirmed in CISA KEV, though the combination of a public POC, network-reachable attack surface, and no patch represents a meaningful risk for any deployment of this software.

Stack Overflow Buffer Overflow Tinyweb Server
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack-based buffer overflow in GPAC's MP4Box tool crashes the process when parsing a crafted MP4 file containing a malformed non-self-delimited Opus packet. The function gf_opus_read_length() in media_tools/av_parsers.c performs a 2-byte out-of-bounds write into a stack-allocated pckh structure at offset 568, confirmed by AddressSanitizer at line 11140. No active exploitation is confirmed in CISA KEV, but a public proof-of-concept MP4 file is available from the reporter, and the CVSS vector (PR:N, UI:R) indicates any user or automated pipeline invoking MP4Box on untrusted Opus-bearing MP4 files is at risk of a process crash.

Denial Of Service Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Office Open XML (OOXML) file, causing a Denial-of-Service condition. The flaw affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - all products that consume the same Gen Digital VPS (virus definition) update stream. No active exploitation or public exploit code has been identified at time of analysis; the impact is limited to availability (AV process crash) with no confidentiality or integrity consequences.

Microsoft Stack Overflow Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Erlang/OTP erts (inet_drv SCTP handler) lets unauthenticated remote attackers crash the BEAM VM by sending a single crafted SCTP ERROR chunk to a listening SCTP port. The flaw is a stack-based buffer overflow (CWE-121) in sctp_parse_error_chunk, with the publicly disclosed advisory from the Erlang Ecosystem Foundation (EEF) and an upstream commit confirming the fix; no public exploit identified at time of analysis, and the overflow only permits writing 16-bit values interleaved with a fixed tag, limiting impact to DoS plus minor memory disclosure.

Denial Of Service Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding Erlang terms containing very large integers, causing Denial of Service. Affected OTP releases span from 17.0 through unfixed branches of 27.x, 28.x, and 29.x, making this a wide-ranging availability risk for C-language nodes that interface with the Erlang runtime. Because overflow bytes are constrained exclusively to ASCII hex digits (0-9, A-F), arbitrary code execution is not feasible - confirmed impact is process crash only. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 enables remote unauthenticated attackers to corrupt memory or destabilize processes through a network-accessible attack path requiring only passive user interaction. Affected versions are all releases prior to 5.5.6.5243; QNAP's own security team (security@qnapsecurity.com.tw) discovered and disclosed the issue via advisory QSA-26-27. No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the unauthenticated network attack vector lowers the bar for opportunistic targeting of QNAP NAS deployments.

Stack Overflow Buffer Overflow File Station
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 allows unauthenticated remote attackers to corrupt process memory or crash the file management service when a victim user passively interacts with a crafted input. Affected versions are all File Station 5 releases prior to 5.5.6.5243, running on QNAP NAS devices accessible over the network. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; QNAP has confirmed and released a fix in version 5.5.6.5243 via advisory QSA-26-32.

Stack Overflow Buffer Overflow File Station
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Stack-based buffer overflow in QNAP File Station 5 versions 5.5.0 through 5.5.6.5208 allows authenticated remote attackers to corrupt memory and crash processes on affected NAS deployments. CVSS 4.0 score of 8.7 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow File Station 5
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflows in SimpleBLE prior to version 0.14.0 allow remote attackers within Bluetooth range to crash applications by transmitting crafted BLE advertisements containing oversized manufacturer-specific data or service data, requiring no pairing or connection. A separate local overflow exists in the dongl backend's Protocol::simpleble_write function via caller-controlled input. No public exploit identified at time of analysis, but the patch diff and acknowledgement to researcher Mr-IoT confirm three tracked issues (EVE-2026-001/002/003).

Stack Overflow Buffer Overflow Simpleble
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs via a stack-based buffer overflow triggered when a victim opens a malicious PDF. Successful exploitation runs attacker code in the context of the current user, making this a viable initial-access vector through phishing or drive-by document delivery. No public exploit identified at time of analysis, but the bug class (CWE-121) and Acrobat's broad install base historically attract weaponization quickly after disclosure.

Adobe Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document, triggering a stack-based buffer overflow (CWE-121) that runs attacker code in the context of the current user. Adobe issued advisory APSB26-58 for this issue; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a victim opens a malicious document file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The issue was reported by Adobe and addressed in security bulletin APSB26-58.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a user opens a malicious document. Successful exploitation runs attacker-controlled code in the context of the current user, but requires social engineering since the attack vector is local and user interaction is mandatory. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services allows an authenticated network attacker to trigger a stack-based buffer overflow (CWE-121) and execute arbitrary code on the targeted domain controller. With CVSS 8.8 (AV:N/AC:L/PR:L/UI:N) and high impact across confidentiality, integrity, and availability, successful exploitation could enable full domain compromise. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction, yielding full confidentiality, integrity, and availability impact on the host. The flaw is rated 8.4 (CVSS:3.1) and was disclosed by Microsoft's Security Response Center, but no public exploit has been identified at the time of analysis. Despite the CWE-121 tagging as a stack overflow, the description and CWE-122 class indicate the corruption occurs on the heap, so defenders should treat this as a memory-corruption RCE-class issue requiring prompt patching.

Microsoft Stack Overflow Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Windows DHCP Client is possible when a stack-based buffer overflow (CWE-121) is triggered by a crafted DHCP server response, allowing an unauthorized network attacker to run arbitrary code with no user interaction. The flaw carries a CVSS 9.8 critical rating reflecting network reachability, low complexity, and full impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because the DHCP client runs early in the network stack on virtually every Windows host, successful exploitation grants attacker-controlled code execution in a highly privileged context.

Microsoft Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow +14
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack buffer overflow in 389 Directory Server's pw.c checkPrefix() function allows a network-accessible Directory Manager to crash the LDAP server by storing a crafted credential with an oversized algorithm ID. The vulnerable code copies attacker-controlled input into a fixed 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. FORTIFY_SOURCE compiler hardening constrains impact to denial of service - preventing arbitrary code execution - but service disruption against a critical authentication infrastructure component remains operationally significant. No public exploit identified at time of analysis.

Denial Of Service Stack Overflow Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP QTS and QuTS hero NAS operating systems enables an authenticated administrator to corrupt stack memory or crash processes via a network-accessible attack path. Affected versions span QTS 5.2.x and multiple QuTS hero release trains (h5.2.x, h5.3.x, h6.0.x), with vendor-released patches dated February-May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory high-privilege prerequisite substantially limits realistic attack surface.

Stack Overflow Qnap Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote memory corruption in the SAP Kernel of SAP NetWeaver Application Server ABAP and ABAP Platform allows attackers to compromise confidentiality, integrity, and availability by sending crafted RFC requests that trigger logical errors in memory management. The CVSS 9.8 score reflects network-reachable, no-privileges, no-interaction exploitation against a foundational SAP component, though no public exploit identified at time of analysis and exploitation status beyond the vendor disclosure is not confirmed in CISA KEV.

SAP Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, though a research write-up referencing the vulnerable function exists in a public GitHub repository. The combination of network-reachable attack surface, no authentication requirement, and low complexity makes opportunistic abuse against exposed admin interfaces realistic.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request containing an oversized macAddr parameter to the formDelStaState handler. The flaw is a stack-based buffer overflow with high availability impact and no confidentiality/integrity loss per CVSS, and no public exploit identified at time of analysis beyond a research repository on GitHub.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. No public exploit identified at time of analysis, though a researcher-published proof-of-concept repository on GitHub documents the issue. EPSS and KEV data are not provided, but the network-reachable, no-auth, no-interaction CVSS vector makes this a credible risk for any exposed management interface.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sending crafted bzip2 data when the application reuses the decompressor object after catching a prior OSError. The flaw stems from libbz2's internal state being left inconsistent after a decompression error, and reuse causes out-of-bounds writes to a stack buffer. No public exploit identified at time of analysis and the issue is not in CISA KEV; the practical impact is denial of service against Python services that process untrusted bzip2 streams.

Stack Overflow Buffer Overflow Cpython
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda F451 router (firmware 1.0.0.7 and 1.0.0.9) Web Management Interface allows remote authenticated attackers to corrupt memory by sending a crafted 'page' argument to the fromNatlimit handler at /goform/Natlimit. Publicly available exploit code exists, raising practical risk for exposed or LAN-reachable devices, though no public exploit identified as actively used in CISA KEV at time of analysis.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda HG7, HG9, and HG10 XPON ONT routers (firmware 300001138_en_xpon) allows authenticated remote attackers to corrupt memory via the encodename parameter of the formPPPEdit handler at /boaform/formPPPEdit. Publicly available exploit code exists (hosted on GitHub by researcher xiezhihua-1127), elevating practical risk despite no confirmed active exploitation in CISA KEV. Successful exploitation yields high impact to confidentiality, integrity, and availability on the affected device.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda AC18 router (firmware 15.03.05.05) Web Management Interface allows remote attackers with low privileges to corrupt memory by manipulating the callback argument sent to /goform/getRebootStatus. The flaw, handled by the sub_45304 function, has publicly available exploit code and enables high impact to confidentiality, integrity, and availability of the device. No public exploit identified as actively exploited in CISA KEV, but POC publication raises the risk of opportunistic attacks against exposed management interfaces.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corrupt memory via the wifiFilterListRemark parameter of the /goform/modifyWifiFilterRules endpoint in the Web Management Interface. Publicly available exploit code exists per VulDB disclosure, raising the practical risk for exposed management interfaces, though no public exploit identified at time of analysis confirms active in-the-wild exploitation. CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privileges required.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W20E firmware 15.11.0.6 allows authenticated remote attackers to corrupt memory via the gotoUrl parameter handled by the formPortalAuth function in /goform/PortalAuth of the Web Management Interface. Publicly available exploit code exists, raising the likelihood of opportunistic targeting of internet-exposed router management interfaces, though no public exploit identified as actively exploited per CISA KEV at time of analysis.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corrupt memory via the portMirrorMirroredPorts parameter handled by formSetPortMirror in /goform/setPortMirror. Publicly available exploit code exists, raising the practical risk for exposed management interfaces, though no CISA KEV listing or EPSS data is provided to confirm widespread exploitation. The flaw enables high impact on confidentiality, integrity, and availability of the device per the CVSS 4.0 vector.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L 16.03.53.12 routers allows remote attackers with low privileges to corrupt memory via the setSchedWifi function in /goform/openSchedWifi by manipulating the schedStartTime or schedEndTime parameters. Publicly available exploit code exists per VulDB, raising the practical risk despite the vulnerability not yet being listed in CISA KEV. The flaw impacts the Wi-Fi Schedule Configuration Endpoint and can lead to high confidentiality, integrity, and availability impact on the device.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda CX12L router (firmware 16.03.53.12) allows authenticated remote attackers to corrupt memory via the ssid parameter of the /goform/fast_setting_wifi_set endpoint, handled by the form_fast_setting_wifi_set function. Publicly available exploit code exists per VulDB disclosure, raising the likelihood of opportunistic exploitation against exposed management interfaces. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact bounded by a low-privilege requirement.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Stack-based buffer overflow in Tenda HG7HG9 and HG10 routers (firmware 300001138_en_xpon) allows remote attackers to corrupt memory via the blkDomain parameter in the formDOMAINBLK handler at /boaform/formDOMAINBLK. The CVSS 4.0 score of 9.3 reflects network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability, and a public proof-of-concept repository has been published on GitHub by researcher ssaaaa1234, though no public exploit has been confirmed as active exploitation.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Tenda HG7, HG9, and HG10 ONT/router devices (firmware 300001138_en_xpon) allows authenticated remote attackers to corrupt memory by manipulating the funckey_transfer parameter sent to the /boaform/voip_other_set endpoint handled by the asp_voip_OtherSet function. Publicly available exploit code exists via a dedicated GitHub proof-of-concept repository, and the flaw scores CVSS 4.0 8.7 with full confidentiality, integrity, and availability impact. No public exploit identified in CISA KEV at time of analysis, but exposure of the Web Management Interface to untrusted networks materially raises real-world risk.

Tenda Stack Overflow Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda AC1206 routers (firmware v15.03.06.23) is triggered by stack-based buffer overflows in the fromGstDhcpSetSer function reachable through the username and password parameters of a crafted HTTP request. Remote attackers with network reach to the device's web management interface can crash the service without authentication, and no public exploit identified at time of analysis although proof-of-concept research material is hosted on GitHub.

Denial Of Service Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Denial Of Service Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in JingDong JD Cloud Box AX6600 firmware 4.5.3.r4546 allows authenticated remote attackers to corrupt memory via the set_macfilter function in /sbin/jdcweb_rpc, potentially achieving arbitrary code execution on the router. Publicly available exploit code exists (archive hosted on cdn2.v50to.cc), increasing the likelihood of opportunistic abuse against exposed devices. The vendor did not respond to coordinated disclosure, so no fix is currently confirmed.

Stack Overflow Buffer Overflow Jd Cloud Box Ax6600
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stack-based buffer overflow in TP-Link Tapo C520WS v2 allows an authenticated attacker with adjacent network access to crash the device's ONVIF service by submitting a crafted DeleteUsers request containing an excessive number of user identifiers, causing a denial-of-service condition that disrupts camera management and monitoring functionality. The CVSS:4.0 vector (VC:N/VI:N/VA:H) confirms impact is strictly limited to availability - no confidentiality or integrity compromise is achievable. No public exploit identified at time of analysis and no active exploitation has been confirmed.

Stack Overflow Buffer Overflow Tapo C520Ws V2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stack-based buffer overflow in the ONVIF CreateUsers service of the TP-Link Tapo C520WS v2 IP camera allows an authenticated, adjacent-network attacker to crash the ONVIF management process by sending a crafted request with an excessive number of XML user nodes. Exploitation results in a denial-of-service condition that disrupts ONVIF-based device configuration and management until the service recovers or the device is rebooted. No public exploit code or CISA KEV listing has been identified at time of analysis; the vendor (TP-Link) has released a firmware patch.

Stack Overflow Buffer Overflow Tapo C520Ws V2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in X.Org X server and Xwayland stems from an incomplete fix for CVE-2025-26597, where CheckKeyTypes() fails to clamp non-canonical key types to XkbMaxShiftLevel, enabling stack-based buffer overflows. Authenticated local users on Red Hat Enterprise Linux 6 through 10 can crash the display server or, when X runs as root, escalate to root privileges. No public exploit identified at time of analysis, though the upstream commit reveals the vulnerable code path and the prior CVE-2025-26597 has known exploitation history.

Canonical Stack Overflow Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow in X.Org X server and Xwayland's _XkbSetMapChecks() function allows local authenticated attackers to crash the server or potentially escalate privileges to root when the X server runs with elevated privileges. The flaw resides in CheckKeyTypes() writing to a fixed mapWidths[256] stack buffer at a client-controlled offset, affecting Red Hat Enterprise Linux versions 6 through 10. No public exploit identified at time of analysis, but an upstream fix has been merged into the xserver repository.

Stack Overflow Buffer Overflow Privilege Escalation +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the X.Org X server and Xwayland stems from a stack-based buffer overflow during font alias resolution, where a 256-byte server-side stack buffer is overrun by libXfont2 alias target names of up to 1023 bytes. An authenticated local attacker who can influence font alias files can crash the server or, when the X server runs as root, escalate to root privileges. No public exploit is identified at time of analysis and CVSS is 7.8 (Local/Low complexity/Low privileges).

Stack Overflow Buffer Overflow Privilege Escalation +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.

Google Stack Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to potentially break out of the sandbox via a stack buffer overflow in the GPU component triggered by a crafted HTML page. Chromium rates this as Critical severity, and while no public exploit has been identified at time of analysis, the vendor has released a patched stable channel build addressing the issue.

Google Stack Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Stack-based buffer overflow in Samsung Open Source rlottie's FreeType-derived cubic Bezier rasterizer allows a local attacker, via a crafted Lottie animation file, to crash the embedding application or potentially corrupt stack memory. The vulnerable code in `gray_render_cubic` (`src/vector/freetype/v_ft_raster.cpp`) subdivides Bezier curves onto a fixed-size `bez_stack` (capacity 32×3+1 vectors) without a depth guard, so a pathologically complex curve exhausts the buffer. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Stack Overflow Samsung Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation to root in MBS Single-A, Double-A, Single-X, and Double-X industrial gateway product lines allows authenticated remote attackers to corrupt stack memory in the gdv-serverconfig service and seize full system control. The flaw, reported by CERT@VDE and tracked as CVE-2026-35085 with a CVSS 4.0 score of 8.7 (High), affects multiple fieldbus variants (Profibus, Profinet, KNX, LON, DALI, M-Bus, CAN, X-Link). No public exploit identified at time of analysis, and EPSS data was not supplied for this advisory.

Buffer Overflow Stack Overflow Single A +17
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation to root via stack buffer overflow in dali-devconfig affects MBS gateway products including Single-A, Single-X, and the Double-A/Double-X family (Profibus, X-Link, CAN, DALI, KNX, LON, M-Bus, Profinet). A remote attacker holding low-level user credentials can exploit the flaw to gain full system access, with CVSS 4.0 scoring it 8.7 (High). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow Single A +17
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation to root in MBS industrial protocol gateways (Single-A, Double-A, Single-X, Double-X product lines covering Profibus, Profinet, KNX, DALI, LON, M-Bus, CAN, and X-Link variants) is achievable by an authenticated remote user via a stack buffer overflow. The CVSS 4.0 base score of 8.7 reflects network-reachable exploitation with low complexity and only user-level privileges required, leading to full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis, and the issue was coordinated through CERT@VDE (advisory VDE-2026-039), indicating responsible disclosure rather than in-the-wild abuse.

Buffer Overflow Stack Overflow Single A +17
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending malformed IPMI response messages that trigger stack-based buffer overflows in the 'dell get-active-directory-config' and 'fujitsu get-sel-entry-long-text' subcommands. The flaw is client-side: a victim must invoke the affected subcommand against an attacker-controlled or compromised IPMI endpoint. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Dell Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in CZ.NIC BIRD Internet Routing Daemon through 2.19.0 allows an established BGP peer to crash the daemon by sending a crafted AS_PATH exceeding 2048 expanded ASNs when RFC 8654 Extended Messages are enabled and an AS path mask filter is active. The as_path_match() function in nest/a-path.c uses a fixed 2049-entry stack array while parse_path() expands AS_PATH segments without enforcing a corresponding capacity limit, causing a write beyond the stack buffer boundary and a daemon crash. No public exploit identified at time of analysis; notably, the vendor has explicitly declined to prioritize a fix, instead citing operator best-practice filtering as the expected mitigation.

Buffer Overflow Stack Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.

Buffer Overflow TP-Link Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 network camera firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root by sending a crafted POST request to the export_language.cgi administrative endpoint. The CGI handler passes an attacker-controlled Content-Length HTTP header value directly to fread() with no bounds validation, overflowing a 0x60-byte stack buffer and overwriting the saved link register; the binary's lack of stack canaries eliminates the primary runtime defense against this class of attack. A researcher-published proof-of-concept exists on GitHub, though EPSS stands at 0.05% (17th percentile) and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation at time of analysis.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Local privilege escalation in Qualcomm Snapdragon platforms stems from a stack-based memory corruption triggered while processing display command line information with an uninitialized variable. With CVSS 7.2 and a physical attack vector requiring high privileges, the flaw allows a privileged local attacker to corrupt memory and impact confidentiality, integrity, and availability across a changed security scope. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow Snapdragon
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Stack-based buffer overflow in Qualcomm Snapdragon corrupts memory during a data copy operation when the output buffer is sized smaller than the input buffer, enabling a high-privileged local attacker to achieve full compromise of confidentiality, integrity, and availability on affected devices. Rooted in CWE-121, this vulnerability can allow control-flow hijacking via stack memory overwrite on Snapdragon-based platforms. No public exploit identified at time of analysis and no CISA KEV listing, but the high-impact triad (C:H/I:H/A:H) warrants prompt patching in environments where privileged access is shared or contested.

Buffer Overflow Stack Overflow Snapdragon
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Stack-based buffer overflow in Qualcomm Snapdragon Windows drivers allows a locally authenticated high-privilege attacker to cause memory corruption by sending a malformed trusted application request. The vulnerability affects Snapdragon-based systems running Windows drivers and can result in complete compromise of confidentiality, integrity, and availability. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Microsoft Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware up to 2.5.3-170306) allows authenticated remote attackers to corrupt memory via the Profile parameter in the /goform/formFireWall endpoint, where unsafe strcpy usage processes the input. Publicly available exploit code exists, increasing the realistic risk of attempted compromise against exposed management interfaces. No CISA KEV listing has been published, so exploitation is not yet confirmed active in the wild.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware versions up to 2.5.3-170306) allows remote authenticated attackers to corrupt memory via the strcpy function in the /goform/formTaskEdit endpoint. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges. No KEV listing or EPSS data is provided in the input, so widespread automated exploitation has not been confirmed.

Buffer Overflow Stack Overflow Hiper 1200Gw
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH POC Monitor

Stack-based buffer overflow in microtar through 0.1.0 allows remote attackers to corrupt stack memory and potentially achieve code execution when an application using the library parses a malicious TAR archive. The flaw in raw_to_header() uses strcpy() on non-null-terminated 100-byte ustar fields, enabling writes of up to 355 bytes into a 100-byte buffer. Publicly available exploit code exists and the issue was reported by VulnCheck, raising the practical risk despite no current CISA KEV listing.

Buffer Overflow Stack Overflow Microtar
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link DI-7001 MINI routers (firmware up to 19.09.19A1) allows authenticated remote attackers to corrupt memory via the Time parameter passed to the sprintf function in /httpd_debug.asp. Publicly available exploit code exists on GitHub, and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low privilege requirement and no user interaction. The vulnerability targets an embedded networking appliance commonly deployed at SMB and branch-office perimeters, increasing exposure risk where the management interface is reachable.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.

Buffer Overflow RCE Stack Overflow
NVD
Prev Page 2 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy