CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

CVE-2026-39853

osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...

CLSA-2026-1775749572 ImageMagick: Fix of 4 CVEs

CVE-2026-25968: stack buffer overflow in MSL image-processing language via WriteMSLImage recursion - CVE-2026-25897: out-of-bounds heap write in SUN decoder on 32-bit systems via integer overflow in pixel buffer allocation - CVE-2025-53014: out-of-bounds read in InterpretImageFilename when...

CLSA-2026-1775748729 ImageMagick: Fix of 4 CVEs

CVE-2026-25968: stack buffer overflow in MSL image-processing language via WriteMSLImage recursion - CVE-2026-25897: out-of-bounds heap write in SUN decoder on 32-bit systems via integer overflow in pixel buffer allocation - CVE-2025-53014: out-of-bounds read in InterpretImageFilename when...

CVE-2026-5830

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...

CVE-2026-5830 Tenda AC15 SysToolChangePwd websGetVar stack-based overflow

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...

CVE-2026-5830

CVE-2026-5830 affects Tenda AC15 firmware 15.03.05.18. The vulnerability resides in the function websGetVar of /goform/SysToolChangePwd and results from manipulating the arguments oldPwd/newPwd/cfmPwd, causing a stack-based buffer overflow. The issue can be exploited remotely, and public exploit ...

EUVD-2026-20809

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

wolfSSL（CyaSSL） 安全漏洞

WolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. WolfSSL CyaSSL has security vulnerabilities; these vulnerabilities stem from two potential stack overflow points in the...

PT-2026-31824

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 Description A stack-based buffer overflow exists in the formWrlsafeset function of the /goform/AdvSetWrlsafeset file. Manipulation of the mit ssid argument can trigger this issue. The attack can be initiated remotely...

Tenda F451 安全漏洞

The Tenda F451 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.7 of the Tenda F451 contains a security vulnerability. This vulnerability stems from the operation of the mitssid parameter in the formWrlsafesets function of the/goform/AdvSetWrlsafeset file, which may lead ...

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability caused by incorrect boundary checking when parsing an incorrectly formatted .par file, which can be exploited by an attacker to execute...

osslsigncode 缓冲区错误漏洞

Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some of the functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to version 2.12 contained a buffer error vulnerability. This vulnerability stemmed from multiple signature...

PT-2026-31830

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

PT-2026-31643

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

Linux Distros Unpatched Vulnerability : CVE-2026-39853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in...

Tenda AC15 安全漏洞

The Tenda AC15 is a wireless router produced by the Chinese company Tenda. Version 15.03.05.18 of the Tenda AC15 contains a security vulnerability. This vulnerability arises from incorrect operations with parameters oldPwd/newPwd/cfmPwd in the function websGetVar within the...

CVE-2026-5815 D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVE-2026-5815 D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgimain of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVE-2026-5815

CVE-2026-5815 affects D-Link DIR-645, versions 1.01–1.03. The vulnerability is in the hedwigcgi_main function of /cgi-bin/hedwig.cgi, causing a stack-based buffer overflow. It is exploitable remotely, with a public exploit available. The issue impacts products no longer supported by the maintaine...