CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/06 8:21 p.m.•5 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.8CVSS6.5AI score0.00172EPSS

RedhatCVE•added 2026/05/06 8:21 p.m.•7 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.8CVSS6.2AI score0.00174EPSS

Vulnrichment•added 2026/05/06 3:46 p.m.•8 views

CVE-2026-41286 Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service...

Cvelist•added 2026/05/06 3:46 p.m.•32 views

CVE-2026-41286 Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B

7.1CVSS0.00213EPSS

EUVD•added 2026/05/06 3:32 p.m.•5 views

EUVD-2026-27828

NVD•added 2026/05/06 3:16 p.m.•9 views

Exploits0References2

CVE-2026-41287

7.1CVSS0.00213EPSS

OSV•added 2026/05/06 2:45 p.m.•5 views

BIT-JAVA-MIN-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

7.5CVSS7.1AI score0.01067EPSS

Exploits1References29

Vulnrichment•added 2026/05/06 1:40 p.m.•5 views

CVE-2026-41287 Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A

CVE•added 2026/05/06 1:40 p.m.•11 views

CVE-2026-41287

CVE-2026-41287 is a stack-based buffer overflow in the WatchGuard Agent Discovery Service on Windows that allows an unauthenticated, adjacent attacker to crash the agent service, producing a Denial of Service. Documented impact is high (CVSS 4.0 base score 7.1) with availability as the primary co...

Exploits0References1Affected Software1

IBM Security Bulletins•added 2026/05/06 3:55 a.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under...

8.2CVSS6.8AI score0.00612EPSS

Exploits1Affected Software1

SUSE CVE•added 2026/05/06 1:41 a.m.•7 views

SUSE CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

5.5CVSS5.9AI score0.00129EPSS

Exploits0References7

SUSE CVE•added 2026/05/06 1:40 a.m.•6 views

SUSE CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

7.5CVSS6.4AI score0.0018EPSS

Exploits0References3

Positive Technologies•added 2026/05/06 12:0 a.m.•6 views

PT-2026-41980

Name of the Vulnerable Software and Affected Versions Kanidm versions prior to 1.9.3 Description An unauthenticated GET request to any /scim/v1/... endpoint using a ?filter= query string containing several thousand nested parentheses approximately 4–12 KB can cause a stack overflow. This occurs...

8.7CVSS5.6AI score0.00317EPSS

Exploits0References4

Positive Technologies•added 2026/05/06 12:0 a.m.•13 views

PT-2026-38312

Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...

7.5CVSS5.9AI score0.00358EPSS

Exploits0References8

Positive Technologies•added 2026/05/06 12:0 a.m.•7 views

PT-2026-37845

7.5CVSS7.1AI score0.01067EPSS

Exploits1References29

OSV•added 2026/05/05 10:27 p.m.•5 views

CLSA-2026-1778020045 binutils: Fix of CVE-2021-3826

CVE-2021-3826: fix heap/stack buffer overflow in dlanglname libiberty d-demangle.c via missing length check in dlangsymbolbackref...

6.5CVSS6AI score0.0105EPSS

RedhatCVE•added 2026/05/05 8:21 p.m.•4 views

CVE-2026-41927

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...

8.3CVSS6.6AI score0.00396EPSS

NVD•added 2026/05/05 8:16 p.m.•2 views

CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

8.8CVSS0.00174EPSS

NVD•added 2026/05/05 8:16 p.m.•4 views

CVE-2026-34461

7.8CVSS0.00172EPSS