253764 matches found
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. id: CVE-2018-10088 info: name: XiongMai uc-httpd 1.0.0 - Buffer Overflow author: 0xAkoko severity: critical description: | Buffer overflow in XiongMai uc-httpd 1.0....
CVE-2026-14355
In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...
CVE-2026-56645
Heap-based buffer overflow in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
EUVD-2026-41646
Heap-based buffer overflow in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-14606
CVE-2026-14606 affects RT-Thread up to version 5.0.2, specifically the CAN_Receive function in SWM341 CAN Handler (SWM341.h in bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport). The issue is a stack-based buffer overflow triggered by manipulating the function, with local access required. The v...
CVE-2026-14612
The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...
PT-2026-55579
Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.0.3 Description A stack-based buffer overflow exists in the recvmsg function within the bsp/loongson/ls1cdev/libraries/ls1c can.h library of the ls1c CAN Handler component. This issue requires local access to be...
CVE-2025-15666
A flaw was found in Assimp, the Open Asset Import Library. A local attacker could exploit a vulnerability where specially crafted model files could cause a heap-based buffer overflow. This issue, occurring in the SceneCombiner::Copy function, could allow an attacker to gain unauthorized access to...
CVE-2026-57277
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57278
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57275
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57274
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57276
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57273
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57278
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57278
GeoWebPlayer (Web Plugin/WS Player) vulnerable to a stack-based buffer overflow in the connectInfo handler, specifically in the ip field (conn_info.ip_or_host) with unbounded JSON input. TALOS confirms multiple CVEs in the same connectInfo codepath, including potential arbitrary code execution in...
EUVD-2026-41240
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57277
CVE-2026-57277 affects GeoWebPlayer (Web Plugin/WS Player) GeoVision GeoWebPlayer Websocket Server connectInfo handler. The vulnerability is a stack-based buffer overflow in the key field (buffer key_blob[17]), caused by copying attacker-controlled JSON fields into fixed-size buffers without prop...
CVE-2026-57277
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-41239
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...