Skip to main content

Stack-based Buffer Overflow

memory HIGH

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold.

How It Works

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold. The stack stores local variables, function parameters, and critical control information including the return address that tells the CPU where to resume execution after a function completes. When an attacker overflows a buffer, they can overwrite adjacent memory, including this return address.

The classic exploitation path involves carefully crafting input to overwrite the return address with a pointer to attacker-controlled code. Historically, attackers would inject shellcode directly into the overflowed buffer, then redirect execution to it. Modern defenses like Data Execution Prevention (DEP/NX) mark the stack as non-executable, forcing attackers to use Return-Oriented Programming (ROP) instead—chaining together existing code snippets ("gadgets") to perform malicious operations without injecting new code.

Address Space Layout Randomization (ASLR) randomizes memory addresses to make exploitation harder, but attackers can defeat it through information disclosure vulnerabilities that leak memory addresses. Stack canaries—random values placed between buffers and control data—can detect overwrites, but may be bypassed through brute-force attacks or by carefully avoiding them in partial overwrites.

Impact

  • Arbitrary code execution at the privilege level of the vulnerable process
  • Complete system compromise if the vulnerable process runs with elevated privileges (root/SYSTEM)
  • Memory corruption leading to crashes and denial of service
  • Bypass of authentication mechanisms by redirecting execution flow around security checks
  • Data theft or modification through code injection that accesses sensitive memory regions

Real-World Examples

The Morris Worm (1988) exploited a stack overflow in the Unix fingerd daemon, becoming one of the first major internet worms. The Code Red worm (2001) leveraged a stack overflow in Microsoft IIS (CVE-2001-0500) to compromise hundreds of thousands of web servers, demonstrating the massive scale of automated exploitation.

More recently, EternalBlue exploited stack corruption in Windows SMB (CVE-2017-0144), enabling the WannaCry and NotPetya ransomware outbreaks that caused billions in damage. The Heartbleed bug (CVE-2014-0160), while technically a heap-based read overflow, demonstrated how buffer handling errors remain prevalent even in security-critical software like OpenSSL.

Mitigation

  • Stack canaries (compile with -fstack-protector-all or equivalent) to detect overwrites before return
  • Address Space Layout Randomization (ASLR) to randomize memory locations
  • DEP/NX bit enforcement to prevent code execution from stack memory
  • Memory-safe string functions (use strncpy, snprintf, strlcpy instead of strcpy, sprintf, gets)
  • Compiler hardening flags (-D_FORTIFY_SOURCE=2, control-flow integrity)
  • Input validation with strict bounds checking on all externally-supplied data
  • Memory-safe languages (Rust, Go) for new development to eliminate the vulnerability class entirely

Recent CVEs (2221)

EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Remote code execution in Poly Voice products on Linux is possible through a stack-based buffer overflow reachable when administrators enable Interactive Connectivity Establishment (ICE). Unauthenticated network attackers can trigger the flaw without user interaction, and no public exploit has been identified at time of analysis. HP rates the issue at CVSS 4.0 9.2 (Critical), driven by network reachability and full confidentiality, integrity, and availability impact.

Buffer Overflow RCE Stack Overflow
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. The original researcher advisory notes contradictory parameter names, introducing some uncertainty about the exact trigger field.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. No CISA KEV listing or EPSS score is provided, so widespread opportunistic exploitation is not confirmed at this time.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers with low privileges to corrupt memory via the staMac parameter processed by the cgistaKickOff function in /bin/httpd. Publicly available exploit code exists (hosted at cdn2.v50to.cc), elevating practical risk despite no current CISA KEV listing. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact achievable over the network against this enterprise wireless access point.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 8.9
HIGH POC This Week

Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corrupt memory via the KeyStr argument processed by the setWiFiBasicConfig function in wireless.so, reachable through the Web Management Interface. Publicly available exploit code exists, and the CVSS 4.0 vector indicates network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability. No CISA KEV listing has been published, so exploitation is not confirmed in the wild despite the public PoC.

Buffer Overflow Stack Overflow N300Rh
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax BR-6478AC 1.23 wireless router enables authenticated remote attackers to corrupt memory by sending a crafted pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (published via VulDB and a Notion writeup), elevating this from a theoretical issue to a practical threat, though no CISA KEV listing or active exploitation has been confirmed. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device itself, with exploitation requiring only low-level authentication.

Buffer Overflow Stack Overflow Br 6478Ac
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. CVSS 4.0 score of 7.4 reflects network attack vector with low complexity but requires low-privilege access (PR:L) per the vector.

Buffer Overflow Stack Overflow Tomato
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Stack and heap buffer overruns in OpenSC's pkcs15-init tooling corrupt memory when processing a maliciously crafted PKCS#15 profile configuration file. Affected versions prior to 0.27.0 contain no length validation in the do_key_value() function before a memcpy into the fixed-size keybuf buffer, allowing overflow when a key value entry begins with '=' and exceeds sizeof(keybuf) bytes. Exploitation is severely constrained by a CVSS 4.0 score of 1.0 - physical access, high attack complexity, and user interaction are all required - and no public exploit or CISA KEV listing exists at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Stack buffer overflow in OpenSC's PIV card handler allows a physically present attacker to corrupt memory by presenting a crafted PIV smart card or USB device that returns a URL field exceeding 118 bytes in the Key History Object ASN.1 response, triggering the overflow in `piv_process_history()` within `src/libopensc/card-piv.c`. All OpenSC versions prior to 0.27.0-rc1 are affected; the vulnerability is confirmed by the vendor fix in commit 3f24f0b and PR #3558. With a CVSS 4.0 score of 1.0 (AV:P/AC:H/UI:P), exploitation is severely constrained by mandatory physical access and high attack complexity, with no CISA KEV listing and no public exploit identified at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH Act Now

Stack-based buffer overflow in the XCharge C6 charging controller's signal-processing logic enables an attacker with physical access to the charging interface to corrupt memory by sending oversized message fields, potentially gaining code execution with elevated privileges. Reported through CISA's ICS-CERT under advisory ICSA-26-148-08, the flaw carries a CVSS 4.0 score of 8.6 driven by high impact to confidentiality, integrity, and availability of both the vulnerable component and adjacent subsystems. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Stack Overflow C6
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service via stack buffer overflow in CryptX (Perl cryptography module) versions before 0.088_001 affects four AEAD decryption helpers that copy attacker-controlled authentication tags into a fixed 144-byte stack buffer without bounds checking. Remote attackers can crash any Perl application that passes untrusted tags to gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, or eax_decrypt_verify, resulting in process termination. No public exploit identified at time of analysis, and EPSS scoring (0.04%, 13th percentile) reflects low expected exploitation activity despite the network attack vector.

Buffer Overflow Stack Overflow Cryptx +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll, which fails to bounds-check overly long URL paths beginning with /woshome. Because the flaw is reachable over the network with no authentication and no user interaction (CVSS 9.8), an attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code in the context of the web module. No public exploit has been identified at the time of analysis, and the issue was reported by Tenable (TRA-2026-45).

Stack Overflow Buffer Overflow Triofox
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in the WOSDeviceDropFolder.dll component, which mishandles overly long URL paths that begin with /resources. The CVSS 9.8 vector indicates an unauthenticated, network-reachable flaw requiring no user interaction, meaning any attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code. The issue was reported by Tenable (TRA-2026-45); no public exploit identified at time of analysis and no EPSS score was provided in the source data.

Stack Overflow Buffer Overflow Triofox
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) arises from a stack-based buffer overflow in the asperahttpd component. An authenticated user with network access can corrupt memory in this HTTP handling component to run code in the context of the service, fully compromising confidentiality, integrity, and availability (CVSS 8.8). No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; EPSS data was not provided.

RCE Stack Overflow IBM +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Tasmota firmware version 15.3.0.3 and earlier allows remote unauthenticated attackers to trigger a stack-based buffer overflow in the fetch_jpg() function of the xdrv_10_scripter.ino scripting driver. The flaw is exposed over the network with low complexity and no privileges required (CVSS 7.3 AV:N/AC:L/PR:N/UI:N), and a public proof-of-concept repository has been registered, though no public exploit code was identified in the references at time of analysis. EPSS probability is very low (0.05%, 15th percentile) and the issue is not listed in CISA KEV.

Buffer Overflow RCE Stack Overflow
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Arbitrary code execution in GDAL 3.1.0 through 3.13.0 is reachable through the netCDF driver, where scanForGeometryContainers (frmts/netcdf/netcdfsg.cpp) copies a CF-convention geometry attribute into a fixed-size stack buffer without checking its length. Any service or workflow that feeds attacker-supplied NetCDF files to GDAL can be coerced into overflowing the stack and running attacker code in the process context. No public exploit is identified at time of analysis and EPSS is just 0.01% (3rd percentile), yet the issue carries a CVSS of 7.4 because the outcome is full remote code execution on the host.

RCE Stack Overflow Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low-privilege credentials to corrupt memory via a crafted submit-url parameter sent to the formSDHCP handler at /goform/formSDHCP. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), but EPSS is only 0.04% and the vendor has not responded to coordinated disclosure, leaving the device unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated attackers to corrupt memory by submitting an oversized 'submit-url' argument to the formStats handler at /goform/formStats. Publicly available exploit code exists (VulDB-published PoC on GitHub), though EPSS estimates exploitation probability at only 0.04%. The vendor was notified but has not responded, leaving deployed devices without an official fix.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 Wi-Fi range extender allows remote attackers with low privileges to corrupt memory via the submit-url parameter handled by the formrefresh function at /goform/formrefresh. Publicly available exploit code exists per VulDB, though EPSS scoring (0.04%) suggests limited mass exploitation activity, and the vendor has not responded to the disclosure, leaving devices without an official fix.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows authenticated remote attackers to corrupt memory via the submit-url parameter of the formLogout handler at /goform/formLogout. Publicly available exploit code exists per VulDB disclosure, and the vendor failed to respond to coordinated disclosure, leaving the device unpatched. EPSS probability is currently very low (0.04%, 13th percentile), but the device class - consumer SOHO networking gear - is a recurring target for botnet recruitment.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender allows remote authenticated attackers to corrupt memory by submitting an oversized submit-url parameter to the formLicence handler at /goform/formLicence. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving deployed devices without a fix. EPSS exploitation probability remains low (0.04%, 13th percentile) despite the public POC, indicating limited but credible risk for exposed devices.

Buffer Overflow Stack Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender enables remote low-privileged attackers to compromise the device by supplying an oversized submit-url argument to the /goform/formWpsProxyEnable web management endpoint. Exploitation achieves full confidentiality, integrity, and availability impact on the device per CVSS VC:H/VI:H/VA:H, and a public proof-of-concept is available on GitHub. No vendor patch exists - Edimax did not respond to coordinated disclosure - though EPSS remains low at 0.04% (13th percentile) and the vulnerability is not listed in CISA KEV, suggesting limited observed exploitation despite the available POC.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn Wi-Fi range extender (firmware 1.31) allows remote authenticated attackers to corrupt memory by sending an oversized submit-url parameter to the formRadius handler at /goform/formRadius. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure attempts, leaving the device without a confirmed fix. EPSS probability is currently low (0.04%), but the combination of a public PoC, total technical impact, and unpatched status warrants urgent attention for any deployed units.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 range extenders allows authenticated remote attackers to corrupt memory by sending a crafted submit-url parameter to the formAccept handler at /goform/formAccept. Publicly available exploit code exists (VulDB-disclosed, with a PoC published on GitHub), but EPSS rates real-world exploitation probability at only 0.04% (13th percentile) and the vendor has not responded to disclosure, leaving the device permanently exposed.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory by sending crafted max_Conn or timeOut parameters to /goform/formConnectionSetting. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices unpatched. EPSS probability is low (0.04%), but the combination of public POC, network reachability, and full CIA impact warrants prompt action on exposed devices.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the opttype parameter in the fromPptpUserAdd function at /goform/PptpUserAdd, enabling potential arbitrary code execution with total impact on confidentiality, integrity, and availability. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), though EPSS rates exploitation probability low at 0.05% and the issue is not on CISA KEV.

Tenda Stack Overflow Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'dips' parameter to the formGstDhcpSetSer handler at /goform/GstDhcpSetSer. Publicly available exploit code exists (published via VulDB/GitHub), though EPSS rates real-world exploitation probability very low at 0.05%, and the issue is not listed in CISA KEV.

Tenda Stack Overflow Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'delno' parameter to the /goform/WrlExtraSet endpoint handled by the formWrlExtraSet function. Publicly available exploit code exists, though EPSS predicts only a 0.05% exploitation probability (14th percentile), and SSVC classifies the technical impact as total despite the attack not being automatable.

Tenda Stack Overflow Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile) and no public exploit identified at time of analysis appears in CISA KEV. Successful exploitation can compromise confidentiality, integrity, and availability of the device.

Tenda Stack Overflow Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn 1.31 wireless range extenders allows remote authenticated attackers to corrupt memory by manipulating the selSSID or submit-url parameters in the formWlSiteSurvey handler (/goform/formWlSiteSurvey) of the embedded web server. Publicly available exploit code exists and the vendor did not respond to disclosure attempts, leaving the device without a confirmed patch. EPSS rates exploitation probability low at 0.04%, but the combination of public PoC and unresponsive vendor makes exposed devices a concrete risk.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 wireless range extender allows remote attackers with low privileges to corrupt memory and likely achieve code execution by manipulating multiple parameters (Anntena, Mcs, regDomain, nic0Addr/nic1Addr/wlanAddr/wanAddr, wlanSSID, wlanChan, initgain, txcck, txofdm, submit-url) sent to the formHwSet handler at /goform/formHwSet. Publicly available exploit code exists on GitHub, but EPSS rates real-world exploitation probability at only 0.04% (13th percentile) and the issue is not in CISA KEV. The vendor was contacted by the researcher but never responded, leaving the device unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax EW-7438RPn 1.31 range extender's formWlanMP handler (/goform/formWlanMP) allows remote authenticated attackers to corrupt memory and potentially achieve arbitrary code execution on the device. Publicly available exploit code exists, but EPSS remains low at 0.04% and there is no CISA KEV listing, indicating no confirmed widespread active exploitation. The vendor was contacted but did not respond, leaving the issue unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. The vendor failed to respond to responsible disclosure attempts, leaving devices unpatched.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.

Stack Overflow Buffer Overflow Ew 7438Rpn
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Local privilege escalation in FreeBSD's libcasper(3) library affects FreeBSD 14.3, 14.4, and 15.0 releases prior to specified patch levels, where a missing FD_SETSIZE bounds check enables stack corruption when a low-privileged attacker forces a setuid-root application to allocate file descriptors above 1024. Successful exploitation yields root-equivalent privileges on the local host. No public exploit identified at time of analysis and EPSS scores exploitation probability at just 0.02%, but the issue is confirmed by a FreeBSD security advisory (SA-26:22.libcasper).

Stack Overflow Buffer Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.

Stack Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Stack buffer overflow in Netatalk's desktop.c affects all versions from 1.3 through 4.2.2, allowing a network-reachable low-privilege authenticated attacker to crash the AFP service or potentially execute arbitrary code on the server. The vulnerability is rooted in improper bounds checking within AFP desktop database handling code and carries a CVSS score of 6.0 (Medium) with high availability impact as the most reliably achievable outcome. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the required high attack complexity materially limits real-world exploitation risk.

Stack Overflow Buffer Overflow Suse
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt memory via UCS-2 type confusion in the convert_charset() function, leading to high-impact compromise of confidentiality, integrity, and availability. The flaw affects Netatalk, the open-source AppleTalk/AFP file server commonly used to share files with macOS clients, and is fixed in version 4.4.3. No public exploit identified at time of analysis, though the high CVSS of 8.8 and low attack complexity warrant prompt patching.

Stack Overflow Buffer Overflow Suse
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stack-based buffer overflow in libsolv's Debian metadata parser allows remote, unauthenticated attackers to cause a denial of service by serving maliciously crafted Debian repository metadata containing SHA384 or SHA512 checksum tags. The root cause, confirmed by the GitHub PR #616 diff, is a statically allocated 65-byte stack buffer in `ext/repo_deb.c` sized only for SHA256 digests, which is overflowed by the larger SHA384 (96 hex chars) and SHA512 (128 hex chars) values. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; an upstream fix is available as an open pull request.

Debian Denial Of Service Stack Overflow +7
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

Buffer Overflow RCE Stack Overflow
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Stack-based buffer overflow in lwIP through 2.2.1 enables remote unauthenticated attackers to corrupt stack memory in the SNMPv3 USM handler by sending a crafted msgAuthenticationParameters field to snmp_parse_inbound_frame in src/apps/snmp/snmp_msg.c. The flaw stems from a commented-out length assertion that allowed user-controlled TLV value lengths to exceed SNMP_V3_MAX_AUTH_PARAM_LENGTH during decoding. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation against a library widely embedded in IoT and embedded TCP/IP stacks.

Stack Overflow Buffer Overflow Lwip
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Stack-based buffer overflow in Investintech SlimPDFReader ≤2.0.13 enables remote code execution when victims open malicious PDF files. The vulnerability exists in the sub_3B4610 function of SlimPDFReader.exe and requires no authentication but depends on user interaction (opening crafted PDF). Public exploit code is available via Fraunhofer SIT, significantly lowering attacker barrier. The vendor has discontinued the product with no remediation planned, leaving users with no official patch and requiring migration to alternative PDF readers.

Buffer Overflow Stack Overflow Slimpdfreader
NVD VulDB
EPSS 0% CVSS 2.8
LOW Monitor

Stack overflow in Huawei HarmonyOS media platform allows local authenticated users to cause denial of service through a crafted media file that triggers stack memory exhaustion. The vulnerability requires user interaction and authenticated access (CVSS PR:L), limiting its real-world severity despite affecting availability. No public exploit code or active exploitation has been identified at the time of analysis.

Stack Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack buffer overflow in PostgreSQL's refint module allows low-privileged database users to execute arbitrary code as the database operating system user across all supported versions before 14.23, 15.18, 16.14, 17.10, and 18.4. The vulnerability enables two distinct attack paths: direct stack overflow leading to OS-level code execution, and SQL injection when applications expose user-controlled columns configured as refint cascade primary keys. With CVSS 8.8 (AV:N/AC:L/PR:L) and network-based exploitation requiring only low-privilege database credentials, this represents a critical privilege escalation risk for PostgreSQL deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Stack Overflow SQLi Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service attacks against striso-control-firmware commit 54c9722 via buffer overflow in AuxJack function allow unauthenticated network attackers to crash the device. Despite the high CVSS 7.5 severity, impact is limited to availability (no code execution, data theft, or privilege escalation), and the vulnerability affects an unversioned development commit of specialized musical instrument firmware with a narrow user base. No public exploit code or active exploitation indicators identified at time of analysis.

Stack Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service attack against striso-control-firmware commit 54c9722 allows network attackers to crash the device through a buffer overflow in the ThreadReadButtons function, resulting in complete service unavailability. CVSS 7.5 High severity with network attack vector requiring no authentication or user interaction. EPSS and KEV data not available; no public exploit code identified at time of analysis, though technical details disclosed in GitHub issue #5 could facilitate development.

Stack Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in F5 BIG-IP allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM) by sending specially crafted UDP requests to virtual servers with classification profiles enabled. The vulnerability affects BIG-IP, BIG-IP Next CNF, and BIG-IP Next for Kubernetes platforms. No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE. Vendor-released patch available per F5 advisory K000158038.

Stack Overflow Buffer Overflow Big Ip +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation in F5 BIG-IP allows authenticated administrators to cross security boundaries and achieve elevated system access through a stack buffer overflow. The vulnerability affects all BIG-IP versions and requires high-privilege administrative credentials and direct network access to exploit. No public exploit code or active exploitation has been identified at time of analysis, but a vendor patch is available.

Stack Overflow Buffer Overflow Big Ip
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Remote code execution in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud allows unauthenticated network attackers to execute arbitrary code via stack-based buffer overflow when pop3wallpasswd runs with grdnwww user privileges. Canon Marketing Japan has released patches for both on-premises (versions 1.4.00-2.4.26 affected) and SaaS deployments (pre-April 30, 2026 maintenance). CVSS 9.3 indicates critical severity with network vector and no authentication required, though EPSS score of 0.14% (33rd percentile) suggests limited real-world exploitation probability at time of analysis. SSVC assessment marks this as automatable with total technical impact but no confirmed exploitation.

Stack Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP header field (Content-Type: multipart/form-data; boundary=...) without enforcing any length limit. Sending a boundary string longer than ~8000 characters overflows the 8192-byte task stack of the loopTask, causing a crash and potential remote code execution. This vulnerability is fixed in 3.3.8.

Stack Overflow RCE Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Stack Overflow RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.

RCE Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Exploit Unlikely Act Now

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

Stack Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Stack Overflow Buffer Overflow Solid Edge Se2026
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in macOS allows remote unauthenticated attackers to cause system crashes and denial of service without user interaction. Affects macOS Sequoia versions prior to 15.7.7 and macOS Tahoe versions prior to 26.5. Apple has released patches addressing the vulnerability through improved bounds checking. Despite network-based attack vector and low complexity (CVSS 7.5), EPSS score of 0.05% (15th percentile) indicates minimal observed exploitation activity, and CISA SSVC framework confirms no active exploitation detected. Automatable attack path suggests potential for scanning-based campaigns if exploited.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Buffer overflow in Apple operating systems allows local unauthenticated users to cause unexpected system termination or read kernel memory without requiring user interaction. The vulnerability affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions, with exploitation limited to local access. Vendor-released patches are available for all affected platforms, and EPSS scoring of 0.03% indicates exploitation remains unlikely despite the local attack vector.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Apple's image processing framework across iOS, iPadOS, macOS, tvOS, and watchOS allows remote attackers to cause denial of service through process memory corruption. Despite the CVSS 7.5 (High) rating and network attack vector, the vulnerability is rated low priority with only 2% EPSS exploitation probability (5th percentile), indicating minimal real-world threat activity. Apple has released patches in version 26.5 across all affected platforms. No active exploitation or public proof-of-concept has been identified at time of analysis.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Apple operating systems allows remote attackers to trigger application denial of service without authentication. Affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS across multiple versions. Vendor-released patches available for all affected platforms. No public exploit identified at time of analysis, with EPSS score of 0.12% (30th percentile) indicating low probability of widespread exploitation attempts. CVSS 7.5 reflects network-accessible unauthenticated attack causing high availability impact but limited to app termination rather than system-wide denial of service.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack buffer overflow in ImageMagick display tool prior to versions 7.1.2-21 and 6.9.13-46 allows local attackers to cause denial of service by crafting a malicious MIFF file that triggers memory corruption when a user opens the file and invokes the Load/Update menu via right-click interaction. CVSS score of 5.5 reflects local attack vector and requirement for user interaction, with impact limited to availability (denial of service) rather than code execution.

Stack Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Stack-based buffer overflow in Squirrel up to version 3.2 within the validate_format function of sqstdlib/sqstdstring.cpp allows local authenticated attackers to corrupt stack memory, potentially achieving code execution or denial of service. Public exploit code is available, and the vulnerability has been reported to the project with no vendor response documented at time of analysis.

Stack Overflow Buffer Overflow Squirrel
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in ipTIME A8004T router firmware 14.18.2 enables authenticated remote attackers to achieve complete system compromise via malformed WiFi configuration requests. The vulnerability exists in the formWifiBasicSet function's handling of the security_5g parameter. Public exploit code (GitHub POC) increases exploitation risk, though EPSS data and active exploitation status are not available. Vendor (EFM Networks) has not responded to disclosure or released a patch.

Stack Overflow Buffer Overflow Iptime A8004T
NVD VulDB GitHub
Prev Page 3 of 25 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
2221

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy