CVE-2026-12806

A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack...

CVE-2026-12806

CVE-2026-12806 affects Edimax BR-6478AC V2 firmware 1.23. The vulnerable element is the POST handler function formWlSiteSurvey, specifically the argument selSSID in /goform/formWlSiteSurvey, whose manipulation can cause a buffer overflow. The issue enables remote exploitation with network access;...

EUVD-2026-38192

A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack...

EUVD-2026-38191

A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-12805

The vulnerability CVE-2026-12805 affects OFFIS DCMTK up to 3.7.0, specifically the XMLNode::parseFile function in ofstd/libsrc/ofxml.cc. A heap-based buffer overflow can be triggered remotely via manipulation. An exploit has been published and may be used. The patch is tracked by commit 1d4b3815c...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

CVE-2026-56408

libexpat before 2.8.2 has an integer overflow in copyString...

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

EUVD-2026-38188

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

CVE-2026-56411

CVE-2026-56411 affects libexpat’s xmlwf binary, with an integer overflow in endDoctypeDecl triggered by NOTATION declarations prior to version 2.8.2. The CVSS metrics indicate a Local attack vector, high confidentiality and integrity impact, and low availability impact, with no user interaction r...

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...