476 matches found
CVE-2026-42369
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...
GeoVision GV-VMS 缓冲区错误漏洞
GeoVision GV-VMS is a video management system software developed by GeoVision Corporation in China. The GeoVision GV-VMS V20 20.0.2 version contains a buffer error vulnerability. This vulnerability arises from the unbounded copying of base64-encoded strings in the WebCam Server function, leading ...
CVE-2025-60887
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...
Defending Buffer Overflows in WebAssembly: A Transpiler Approach
WebAssembly is quickly becoming a popular compilation target for a variety of code. However, vulnerabilities in the source languages translate to vulnerabilities in the WebAssembly binaries. This work proposes a methodology and a WebAssembly transpiler to prevent buffer overflows in the unmanaged...
CVE-2019-25485
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
CVE-2019-25485 R 3.4.4 Windows x64 Buffer Overflow SEH DEP ASLR Bypass
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...
CVE-2026-22778
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the...
CVE-2020-37043
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling...
CVE-2026-23569
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...
PT-2026-5483
Name of the Vulnerable Software and Affected Versions 10-Strike Bandwidth Monitor version 3.9 Description The software contains a buffer overflow issue that allows attackers to bypass SafeSEH, ASLR, and DEP protections. Exploitation occurs through crafted input sent to the application’s...
CVE-2026-23569
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...
CVE-2025-41728
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003650 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003323)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003323 advisory. The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...
📄 Android 7 / 8 / 8.1 Pointer Disclosure
A flaw in Android's Binder IPC allowed applications to craft Parcels where binder-object metadata overlapped with string data. When unmarshalling, the kernel inserted genuine kernel pointers into attacker-controlled buffers. These could then be echoed back through services like clipboard, resulti...
Mozilla Thunderbird < 52.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-09 advisory. - Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreigh...
Mozilla Firefox < 51.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired...