Skip to main content

Stack Overflow

2223 CVEs technique

Monthly

CVE-2026-4489 HIGH POC This Week

Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows authenticated remote attackers to achieve complete system compromise through the /goform/fast_setting_wifi_set endpoint. Public exploit code is available and actively being weaponized against this unpatched vulnerability. Attackers with network access and valid credentials can execute arbitrary code with full system privileges.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4486 HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-23276 PATCH Monitor

A stack overflow vulnerability exists in the Linux kernel's tunnel transmission functions (iptunnel_xmit and ip6tunnel_xmit) due to missing recursion limits when GRE tap interfaces operate as slaves in bonded devices with broadcast mode enabled. This allows local attackers or legitimate multicast/broadcast traffic to trigger infinite recursion between bond_xmit_broadcast() and tunnel transmission functions, causing kernel stack exhaustion and denial of service. The vulnerability affects multiple Linux kernel versions and has been resolved with the addition of IP_TUNNEL_RECURSION_LIMIT (4) to prevent excessive stack consumption during nested tunnel packet encapsulation.

Linux Denial Of Service Stack Overflow Debian Ubuntu +1
NVD VulDB
EPSS
0.0%
CVE-2026-4444 HIGH PATCH This Week

Stack buffer overflow in Google Chrome's WebRTC implementation prior to version 146.0.7680.153 enables remote attackers to corrupt stack memory and achieve code execution through maliciously crafted HTML pages. The vulnerability affects Chrome, and potentially downstream products including Chromium-based browsers, requiring only user interaction and no authentication. A patch is available across affected platforms including Ubuntu and Debian.

Google Buffer Overflow Stack Overflow Ubuntu Debian +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30872 CRITICAL Act Now

Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.

RCE Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30871 CRITICAL PATCH Act Now

Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. No patch is currently available for affected embedded device deployments.

Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0819 LOW PATCH Monitor

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality.

Buffer Overflow Stack Overflow Wolfssl
NVD GitHub VulDB
CVSS 4.0
2.2
EPSS
0.0%
CVE-2026-32743 MEDIUM This Month

Stack-based buffer overflow in PX4 autopilot versions 1.17.0-rc2 and below allows attackers with MAVLink link access to crash the flight controller by exploiting an unconstrained sscanf operation in the MavlinkLogHandler. An attacker can trigger this by creating deeply nested directories via MAVLink FTP and then requesting the log list, causing the MAVLink task to crash and resulting in loss of telemetry and command capability. This denial of service affects drone and unmanned vehicle systems relying on vulnerable PX4 versions.

Buffer Overflow Denial Of Service Stack Overflow IoT
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31971 HIGH PATCH This Week

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

Buffer Overflow Stack Overflow Heap Overflow Denial Of Service RCE +3
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-31968 HIGH PATCH This Week

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handlers, where incomplete context validation allows writes of up to eight bytes beyond heap allocation boundaries or into stack-allocated single-byte variables. This vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and impacts any application using the library to process CRAM-formatted bioinformatics data files. An attacker can craft a malicious CRAM file to trigger heap or stack overflow conditions, potentially leading to denial of service, memory corruption, or arbitrary code execution when processed by a vulnerable application.

Buffer Overflow Stack Overflow Heap Overflow Denial Of Service RCE +3
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-22321 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Pn Fl Switch Tsn 2316 Fl Switch 2206c 2fx +68
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22320 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Denial Of Service Stack Overflow Fl Switch 2512 2gc 2sfp Fl Switch 2206 2sfx Pn +69
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22319 MEDIUM PATCH This Month

Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.

Buffer Overflow Stack Overflow Fl Switch 2516 Fl Switch 2207 Fx Sm Fl Switch 2314 2sfp +68
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-22318 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Fl Switch 2105 Fl Switch 2216 Pn +68
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-22316 MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2207 Fx Sm Fl Switch 2208 Pn Fl Switch 2206 2fx St +68
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25790 MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations.

Denial Of Service Stack Overflow Buffer Overflow Wazuh
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-25772 MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3.

Denial Of Service Buffer Overflow Stack Overflow Wazuh
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-4226 HIGH POC This Week

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow Bl Wr9000
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4214 HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow Dns 320lw Dns 323 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4213 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link Dns 120 Dns 340l +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4212 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow Dns 1550 04 Dns 343 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4211 HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow Dns 315l Dns 120 +18
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4188 HIGH POC This Week

Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-4185 LOW POC PATCH Monitor

Stack-based buffer overflow vulnerability in GPAC's MP4Box component, specifically in the swf_def_bits_jpeg function of src/scene_manager/swf_parse.c, affecting versions up to 2.5-DEV-rev2167. An authenticated attacker can exploit this remotely by manipulating the szName argument to cause a stack overflow, resulting in information disclosure, data modification, or denial of service. A public proof-of-concept exists, and a vendor patch is available; exploitation requires valid credentials (CVSS 6.3 with authenticated access requirement).

Stack Overflow Buffer Overflow Gpac
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-4184 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4183 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4182 CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow Dir 816
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4181 HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-4172 HIGH POC This Week

Stack-based buffer overflow vulnerability in TRENDnet TEW-632BRP firmware version 1.010B32, specifically in the ping_response.cgi file's HTTP POST request handler. An authenticated attacker with high privileges can exploit this vulnerability remotely to achieve code execution with high impact to confidentiality, integrity, and availability. A public proof-of-concept exploit is available on GitHub, though the vulnerability is not listed in CISA KEV and no EPSS score is provided.

Buffer Overflow Stack Overflow Tew 632brp
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-4167 HIGH POC This Week

Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers to achieve complete system compromise through the /goform/formReboot endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The high CVSS score of 8.8 reflects the severity of unauthenticated remote exploitation potential in networked deployments.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-32708 HIGH This Week

Stack overflow vulnerability in PX4 autopilot drone flight control software (versions prior to 1.17.0-rc2) where the Zenoh uORB subscriber fails to validate incoming payload sizes, allowing remote attackers to crash the Zenoh bridge task. No active exploitation (not in KEV), no known POC, and the local attack vector (CVSS AV:L) limits real-world impact despite the high 7.8 CVSS score.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32707 MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-32705 MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain a stack overflow vulnerability in the BST telemetry probe driver that allows a malicious BST device to trigger a buffer overflow by reporting an oversized dev_name_len parameter without bounds checking. An attacker with physical access to inject a malicious BST device can crash the autopilot task or potentially achieve arbitrary code execution, impacting drone flight safety and control systems. No active KEV exploitation data or public POC is currently documented, but the vulnerability is patched in version 1.17.0-rc2.

RCE Stack Overflow Buffer Overflow Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-3081 HIGH PATCH This Week

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

Buffer Overflow RCE Stack Overflow Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25823 CRITICAL Act Now

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

RCE Buffer Overflow Denial Of Service Stack Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-32259 MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-27267 HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Adobe Buffer Overflow Stack Overflow Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30980 MEDIUM This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by stack-based buffer overflow (CVSS 5.5).

Stack Overflow Buffer Overflow Iccdev
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-30897 MEDIUM This Month

Remote code execution in Fortinet FortiWeb versions 7.0 through 8.0.3 stems from a stack-based buffer overflow that authenticated attackers can exploit by sending crafted HTTP requests, provided they can bypass stack protection and ASLR mechanisms. Successful exploitation allows attackers to execute arbitrary code with the privileges of the vulnerable application. No patch is currently available for this medium-severity vulnerability affecting multiple FortiWeb releases.

Fortinet Buffer Overflow Stack Overflow Fortiweb
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-26738 HIGH This Week

Arbitrary code execution in Uderzo Software SpaceSniffer v.2.0.5.18 results from a buffer overflow vulnerability triggered by processing malicious .sns snapshot files. An attacker with local access can craft a specially formatted file to achieve code execution with high privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Stack Overflow Spacesniffer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-25570 HIGH CISA Act Now

Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.

Stack Overflow Denial Of Service RCE Buffer Overflow Sicam Siapp Sdk
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-24640 MEDIUM This Month

Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.

Fortinet Buffer Overflow Stack Overflow Fortiweb
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-54820 HIGH This Week

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]

Fortinet Buffer Overflow Stack Overflow Fortimanager
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30929 NuGet HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-3811 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-41766 HIGH This Week

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]

Buffer Overflow Stack Overflow Universal Bacnet Router Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3810 HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3809 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3808 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3823 CRITICAL Act Now

Remote code execution in Atop Technologies EHG2408-series industrial Ethernet switches (including the EHG2408 and EHG2408-2SFP firmware) allows unauthenticated attackers to hijack the device's execution flow via a stack-based buffer overflow and run arbitrary code. The flaw was reported through Taiwan's CERT (TWCERT) and carries a CVSS 4.0 base score of 9.3, reflecting fully unauthenticated network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS score is low (0.14%, 34th percentile), suggesting exploitation has not yet been observed at scale.

Buffer Overflow Stack Overflow Atop Ehg2408 2sfp Firmware Atop Ehg2408 Firmware RCE
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-3807 HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3804 HIGH POC This Week

Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3803 HIGH POC This Week

Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3802 HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3801 HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3799 HIGH POC This Week

Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3630 CRITICAL Act Now

Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.

Industrial Buffer Overflow Stack Overflow Commgr2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3769 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.

Golang Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3768 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.

Golang Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3732 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3729 HIGH POC This Week

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3728 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3727 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3726 HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3715 HIGH POC This Week

Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.

Buffer Overflow Stack Overflow Wl Wn579x3 C Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3679 HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.

Buffer Overflow Stack Overflow F451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3678 HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3677 HIGH POC This Week

Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-29076 MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-3613 HIGH POC This Week

Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-3439 MEDIUM This Month

Authenticated users can trigger a stack-based buffer overflow in SonicOS certificate handling to cause denial of service against Sonicos firewalls. The vulnerability requires administrative privileges to exploit and results in firewall crashes rather than code execution. No patch is currently available.

Buffer Overflow Stack Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-69765 HIGH POC This Week

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]

RCE Stack Overflow Memory Corruption Ax3 Firmware Tenda
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-70252 HIGH POC This Week

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]

Stack Overflow Ac6 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3400 HIGH POC This Week

Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.

Buffer Overflow Stack Overflow Ac15 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24497 CRITICAL Act Now

Stack-based buffer overflow in ThinkWise by SimTech Systems allows unauthenticated remote code execution via crafted network input.

Buffer Overflow Stack Overflow Thinkwise
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23747 MEDIUM This Month

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes...

Buffer Overflow Stack Overflow Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-27942 npm HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0399 MEDIUM This Month

SonicOS management interface suffers from stack-based buffer overflow flaws in an API endpoint that allow authenticated administrators to trigger denial of service conditions through improper input validation. The vulnerability affects Stack Overflow and Sonicos products but currently lacks an available patch, leaving deployed systems exposed to authenticated attack vectors with no mitigation path.

Buffer Overflow Stack Overflow Sonicos
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-25971 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. # Magick fails to check for circular references between two MSLs, leading to a stack overflow.

Stack Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25968 NuGet CRITICAL PATCH Act Now

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory and potentially execute arbitrary code by supplying an MSL document with an oversized attribute value processed by msl.c. All ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected, as well as Magick.NET bindings below 14.10.3. No public exploit identified at time of analysis and EPSS is very low (0.06%, 17th percentile), but the CVSS 9.8 reflects the worst-case unauthenticated RCE potential against any service that parses attacker-controlled MSL input.

Buffer Overflow Imagemagick Stack Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25967 NuGet HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-3044 HIGH This Week

Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.

Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-61144 HIGH POC PATCH This Week

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. [CVSS 7.3 HIGH]

Stack Overflow Libtiff Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-69700 HIGH POC This Week

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Fh1203 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2962 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2961 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2960 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2959 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2958 HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2929 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows authenticated remote attackers to achieve complete system compromise through the /goform/fast_setting_wifi_set endpoint. Public exploit code is available and actively being weaponized against this unpatched vulnerability. Attackers with network access and valid credentials can execute arbitrary code with full system privileges.

Tenda Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-513 1.10 via stack-based buffer overflow in the /goform/formEasySetPassword endpoint allows unauthenticated attackers to achieve full system compromise through a malicious curTime parameter. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from the vendor. An attacker with network access can execute arbitrary code with high privileges without user interaction.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0%
PATCH Monitor

A stack overflow vulnerability exists in the Linux kernel's tunnel transmission functions (iptunnel_xmit and ip6tunnel_xmit) due to missing recursion limits when GRE tap interfaces operate as slaves in bonded devices with broadcast mode enabled. This allows local attackers or legitimate multicast/broadcast traffic to trigger infinite recursion between bond_xmit_broadcast() and tunnel transmission functions, causing kernel stack exhaustion and denial of service. The vulnerability affects multiple Linux kernel versions and has been resolved with the addition of IP_TUNNEL_RECURSION_LIMIT (4) to prevent excessive stack consumption during nested tunnel packet encapsulation.

Linux Denial Of Service Stack Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack buffer overflow in Google Chrome's WebRTC implementation prior to version 146.0.7680.153 enables remote attackers to corrupt stack memory and achieve code execution through maliciously crafted HTML pages. The vulnerability affects Chrome, and potentially downstream products including Chromium-based browsers, requiring only user interaction and no authentication. A patch is available across affected platforms including Ubuntu and Debian.

Google Buffer Overflow Stack Overflow +5
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in OpenWrt's mDNS daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to overflow a 46-byte stack buffer by sending malformed IPv6 PTR queries over multicast DNS on UDP port 5353. The vulnerability stems from insufficient validation of domain name length before copying to a fixed-size buffer, enabling arbitrary code execution on affected embedded devices. No patch is currently available.

RCE Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. No patch is currently available for affected embedded device deployments.

Buffer Overflow Stack Overflow Openwrt
NVD GitHub VulDB
EPSS 0% CVSS 2.2
LOW PATCH Monitor

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality.

Buffer Overflow Stack Overflow Wolfssl
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in PX4 autopilot versions 1.17.0-rc2 and below allows attackers with MAVLink link access to crash the flight controller by exploiting an unconstrained sscanf operation in the MavlinkLogHandler. An attacker can trigger this by creating deeply nested directories via MAVLink FTP and then requesting the log list, causing the MAVLink task to crash and resulting in loss of telemetry and command capability. This denial of service affects drone and unmanned vehicle systems relying on vulnerable PX4 versions.

Buffer Overflow Denial Of Service Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buffer overflow vulnerability in its CRAM format decoder. The vulnerability exists in the `cram_byte_array_len_decode()` function which fails to validate that unpacked data matches the output buffer size, affecting HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1. An attacker can craft a malicious CRAM file that, when opened by a user, triggers either a heap or stack overflow with attacker-controlled bytes, potentially leading to arbitrary code execution, program crash, or memory corruption.

Buffer Overflow Stack Overflow Heap Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handlers, where incomplete context validation allows writes of up to eight bytes beyond heap allocation boundaries or into stack-allocated single-byte variables. This vulnerability affects HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1, and impacts any application using the library to process CRAM-formatted bioinformatics data files. An attacker can craft a malicious CRAM file to trigger heap or stack overflow conditions, potentially leading to denial of service, memory corruption, or arbitrary code execution when processed by a vulnerable application.

Buffer Overflow Stack Overflow Heap Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 Pn +70
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Denial Of Service Stack Overflow +71
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.

Buffer Overflow Stack Overflow Fl Switch 2516 +70
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2708 +70
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Buffer Overflow Stack Overflow Fl Switch 2207 Fx Sm +70
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3.

Denial Of Service Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack Overflow's infrastructure contains a stack-based buffer overflow in a virtual configuration function that can be exploited remotely by authenticated attackers to achieve complete system compromise. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. An attacker with valid credentials can manipulate input to the vulnerable endpoint and execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow Bl Wr9000
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link NAS devices (DNS-120, DNR-202L, DNS-315L, DNS-320 series, DNS-326, DNS-1100-4, and others) through the UPnP_AV_Server_Path_Setting function in /cgi-bin/app_mgr.cgi allows authenticated remote attackers to achieve complete system compromise with high integrity, confidentiality, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available.

Buffer Overflow D-Link Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS storage appliances (DNS-120, DNS-340L, DNS-1200-05 and others) through the /cgi-bin/gui_mgr.cgi endpoint allows remote authenticated attackers to achieve code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected firmware versions are dated up to February 5, 2026.

Stack Overflow Buffer Overflow D-Link +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS NAS devices (DNS-120 through DNS-1550-04) allows authenticated attackers to achieve remote code execution via the Downloads_Schedule_Info function in /cgi-bin/download_mgr.cgi. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DNS and DNR network storage devices allows authenticated remote attackers to execute arbitrary code by manipulating the f_idx parameter in the local_backup_mgr.cgi endpoint. Public exploit code exists for this vulnerability, which affects multiple device models up to firmware version 20260205 with no patch currently available. An attacker with valid credentials can trigger memory corruption to achieve complete system compromise including code execution, data theft, and service disruption.

D-Link Buffer Overflow Stack Overflow +20
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in D-Link DIR-619L 2.06B01 results from a stack-based buffer overflow in the formSchedule function when the curTime parameter is manipulated via the /goform/formSchedule endpoint. An authenticated remote attacker can exploit this vulnerability to achieve full system compromise, and public exploit code is currently available. This vulnerability affects only end-of-life devices that no longer receive security updates.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Stack-based buffer overflow vulnerability in GPAC's MP4Box component, specifically in the swf_def_bits_jpeg function of src/scene_manager/swf_parse.c, affecting versions up to 2.5-DEV-rev2167. An authenticated attacker can exploit this remotely by manipulating the szName argument to cause a stack overflow, resulting in information disclosure, data modification, or denial of service. A public proof-of-concept exists, and a vendor patch is available; exploitation requires valid credentials (CVSS 6.3 with authenticated access requirement).

Stack Overflow Buffer Overflow Gpac
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available on GitHub, making this vulnerability actively exploitable. However, D-Link no longer supports this product, meaning no patch will be released.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in D-Link DIR-816 router firmware version 1.10CNB05, affecting the wireless configuration interface (/goform/form2WlanBasicSetup.cgi). A publicly available proof-of-concept exploit exists, allowing remote attackers without authentication to achieve complete system compromise. The vulnerability affects end-of-life products no longer supported by D-Link, making patches unlikely.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (version 1.10CNB05) that allows remote attackers to achieve full system compromise without authentication. A public proof-of-concept exploit is available on GitHub, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 8.9
HIGH POC This Week

Critical stack-based buffer overflow vulnerability in the D-Link DIR-816 router (firmware version 1.10CNB05) that allows remote attackers to execute arbitrary code without authentication. A public proof-of-concept exploit is available, and the vulnerability affects end-of-life products no longer supported by D-Link, making this a high-risk issue for organizations still using these devices.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow vulnerability in TRENDnet TEW-632BRP firmware version 1.010B32, specifically in the ping_response.cgi file's HTTP POST request handler. An authenticated attacker with high privileges can exploit this vulnerability remotely to achieve code execution with high impact to confidentiality, integrity, and availability. A public proof-of-concept exploit is available on GitHub, though the vulnerability is not listed in CISA KEV and no EPSS score is provided.

Buffer Overflow Stack Overflow Tew 632brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers to achieve complete system compromise through the /goform/formReboot endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The high CVSS score of 8.8 reflects the severity of unauthenticated remote exploitation potential in networked deployments.

Buffer Overflow Stack Overflow F9k1122
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Stack overflow vulnerability in PX4 autopilot drone flight control software (versions prior to 1.17.0-rc2) where the Zenoh uORB subscriber fails to validate incoming payload sizes, allowing remote attackers to crash the Zenoh bridge task. No active exploitation (not in KEV), no known POC, and the local attack vector (CVSS AV:L) limits real-world impact despite the high 7.8 CVSS score.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain a stack overflow vulnerability in the BST telemetry probe driver that allows a malicious BST device to trigger a buffer overflow by reporting an oversized dev_name_len parameter without bounds checking. An attacker with physical access to inject a malicious BST device can crash the autopilot task or potentially achieve arbitrary code execution, impacting drone flight safety and control systems. No active KEV exploitation data or public POC is currently documented, but the vulnerability is patched in version 1.17.0-rc2.

RCE Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in GStreamer's H.266 codec parser that allows remote code execution when processing malicious video files. The vulnerability affects all versions of GStreamer (CPE shows wildcard versioning) and requires user interaction to trigger, such as opening a malicious media file. No active exploitation (not in KEV) or public PoC has been reported, with EPSS data unavailable.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

RCE Buffer Overflow Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 29.8.4 and 30.1 through a stack-based buffer overflow when processing malicious files. Local exploitation requires user interaction to open a crafted document, executing code with the privileges of the current user. No patch is currently available for affected versions.

Adobe Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. versions up to 2.3.1.5 is affected by stack-based buffer overflow (CVSS 5.5).

Stack Overflow Buffer Overflow Iccdev
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Remote code execution in Fortinet FortiWeb versions 7.0 through 8.0.3 stems from a stack-based buffer overflow that authenticated attackers can exploit by sending crafted HTTP requests, provided they can bypass stack protection and ASLR mechanisms. Successful exploitation allows attackers to execute arbitrary code with the privileges of the vulnerable application. No patch is currently available for this medium-severity vulnerability affecting multiple FortiWeb releases.

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Uderzo Software SpaceSniffer v.2.0.5.18 results from a buffer overflow vulnerability triggered by processing malicious .sns snapshot files. An attacker with local access can craft a specially formatted file to achieve code execution with high privileges. No patch is currently available for this vulnerability.

Buffer Overflow RCE Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH Act Now

Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.

Stack Overflow Denial Of Service RCE +2
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Arbitrary code execution in Fortinet FortiWeb 7.0.2 through 8.0.2 stems from a stack-based buffer overflow triggered by crafted HTTP requests from authenticated attackers who can bypass stack protection mechanisms. The vulnerability affects multiple FortiWeb versions and requires high privileges and specific conditions to exploit, though no patch is currently available. An authenticated attacker with sufficient privileges could leverage this flaw to execute arbitrary commands on affected systems.

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH]

Fortinet Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated remote attackers to achieve complete system compromise through a malformed page parameter in the /goform/P2pListFilter endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk of code execution and data theft.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise. [CVSS 8.8 HIGH]

Buffer Overflow Stack Overflow Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows authenticated attackers to achieve remote code execution through a malicious page parameter in the /goform/DhcpListClient endpoint. Public exploit code is available and the vulnerability remains unpatched, creating significant risk for deployed devices. This affects both the Tenda FH1202 router and Stack Overflow services with high severity impact on confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires valid credentials but can be exploited over the network with no user interaction.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve full system compromise through manipulation of the webSiteId parameter in the /goform/webtypelibrary function. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the potential for complete confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in Atop Technologies EHG2408-series industrial Ethernet switches (including the EHG2408 and EHG2408-2SFP firmware) allows unauthenticated attackers to hijack the device's execution flow via a stack-based buffer overflow and run arbitrary code. The flaw was reported through Taiwan's CERT (TWCERT) and carries a CVSS 4.0 base score of 9.3, reflecting fully unauthenticated network exploitation with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS score is low (0.14%, 34th percentile), suggesting exploitation has not yet been observed at scale.

Buffer Overflow Stack Overflow Atop Ehg2408 2sfp Firmware +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote attackers with low privileges to execute arbitrary code through crafted mit_ssid parameters sent to the AdvSetWrlsafeset function. Public exploit code exists for this vulnerability and no patch is currently available. The attack requires network access but no user interaction, making it readily exploitable in affected deployments.

Buffer Overflow Stack Overflow Fh1202 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC filter function allows unauthenticated attackers to achieve full system compromise over the network. Public exploit code exists for this vulnerability and no patch is currently available. The flaw requires only low complexity to exploit and affects the confidentiality, integrity, and availability of affected devices.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code execution by manipulating the cmdinput parameter in the /goform/exeCommand function. Public exploit code exists for this vulnerability and no patch is currently available, placing affected devices at immediate risk.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of ping parameters in the setAutoPing function. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through a malformed funcpara1 parameter in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow Stack Overflow I3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in Delta Electronics COMMGR2 communication management software. ICS vulnerability enabling remote code execution on industrial communication gateways.

Industrial Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve unauthenticated code execution through a malformed GO parameter in the WrlclientSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using vulnerable F453 devices should implement network segmentation and access controls to mitigate exploitation risk.

Golang Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve complete system compromise through a malformed GO parameter in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face high risk of unauthorized code execution, data theft, and service disruption.

Golang Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated attackers to achieve remote code execution through improper input validation in the QuickIndex handler. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at significant risk of compromise.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system compromise through a malicious page parameter in the webExcptypemanFilter function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, making it a significant risk for affected devices.

Buffer Overflow Stack Overflow F453 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Wavlink WL-WN579X3-C firmware through stack-based buffer overflow in the firewall.cgi module allows unauthenticated attackers to achieve complete system compromise via manipulation of the del_flag parameter. Public exploit code exists for this vulnerability, and no patch is currently available despite vendor notification. Affected users should immediately restrict network access to the affected device until a firmware update becomes available.

Buffer Overflow Stack Overflow Wl Wn579x3 C Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the QuickIndex function allows unauthenticated attackers to execute arbitrary code by sending crafted requests with oversized PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and affects firmware version 1.0.0.9 and potentially other versions.

Buffer Overflow Stack Overflow F451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows unauthenticated attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available. Stack Overflow products are also reported as affected.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete system compromise through malicious funcname or funcpara1 parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 1.0.0.9 and enables remote code execution with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Fh451 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib +2
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Stack-based buffer overflow in Wavlink WL-NU516U1 firmware's login.cgi allows remote attackers with high privileges to achieve complete system compromise through a malformed ipaddr parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables unauthenticated remote code execution with full read, write, and execution capabilities on affected devices.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Authenticated users can trigger a stack-based buffer overflow in SonicOS certificate handling to cause denial of service against Sonicos firewalls. The vulnerability requires administrative privileges to exploit and results in firewall crashes rather than code execution. No patch is currently available.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]

RCE Stack Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]

Stack Overflow Ac6 Firmware Tenda
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.

Buffer Overflow Stack Overflow Ac15 Firmware
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in ThinkWise by SimTech Systems allows unauthenticated remote code execution via crafted network input.

Buffer Overflow Stack Overflow Thinkwise
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes...

Buffer Overflow Stack Overflow Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

SonicOS management interface suffers from stack-based buffer overflow flaws in an API endpoint that allow authenticated administrators to trigger denial of service conditions through improper input validation. The vulnerability affects Stack Overflow and Sonicos products but currently lacks an available patch, leaving deployed systems exposed to authenticated attack vectors with no mitigation path.

Buffer Overflow Stack Overflow Sonicos
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. # Magick fails to check for circular references between two MSLs, leading to a stack overflow.

Stack Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory and potentially execute arbitrary code by supplying an MSL document with an oversized attribute value processed by msl.c. All ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected, as well as Magick.NET bindings below 14.10.3. No public exploit identified at time of analysis and EPSS is very low (0.06%, 17th percentile), but the CVSS 9.8 reflects the worst-case unauthenticated RCE potential against any service that parses attacker-controlled MSL input.

Buffer Overflow Imagemagick Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. No patch is currently available for this HIGH severity issue (CVSS 7.4).

Buffer Overflow Stack Overflow Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.

Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. [CVSS 7.3 HIGH]

Stack Overflow Libtiff Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Fh1203 Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 1.01.07 firmware's scheduled reboot configuration endpoint allows authenticated remote attackers to achieve full system compromise through the submit-url parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires valid credentials but has a high attack surface due to network accessibility and the severity of potential impacts including code execution and data exfiltration.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware through a stack buffer overflow in the VPN configuration endpoint allows authenticated attackers to execute arbitrary code by manipulating the submit-url parameter. The vulnerability affects firmware version 1.01.07 and public exploit code exists, though no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the /boafrm/formDhcpv6s function. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) allows authenticated attackers to achieve remote code execution via a malicious URL parameter in the /boafrm/formNewSchedule function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction, posing a significant risk to affected devices.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in D-Link DWR-M960 firmware 1.01.07 via stack-based buffer overflow in the /boafrm/formWsc endpoint allows authenticated attackers to achieve full system compromise through manipulation of the save_apply parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
Prev Page 6 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy