CVE-2026-7834 EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function getcsrfwhites of the file /cgi/advanced/miscmain.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVE-2026-7834

The CVE-2026-7834 entry concerns EFM ipTIME NAS1dual 1.5.24. The vulnerability is in the function get_csrf_whites of /cgi/advanced/misc_main.cgi, where input manipulation causes a stack-based overflow. This can be triggered remotely, and a publicly disclosed exploit exists. The vendor has been co...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

CVE-2026-7372

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2026-42369

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...

EUVD-2026-27163

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

DEBIAN-CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

CVE-2026-44028

CVE-2026-44028 affects Nix and Lix: unbounded recursion in the NAR (Nix Archive) parser can cause a stack-to-heap overflow when parsing on a coroutine stack. The stack lacks a guard page, enabling a stack overflow to overwrite heap memory and potentially execute arbitrary code as the Nix daemon (...

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

PT-2026-37227

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID SBIE INI RUN SBIE CTRL message is processed before standard sandbox and impersonation checks. For callers not...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the RunSbieCtrl processor of the SbieIniServer module, which could lead...

Nix和lix 安全漏洞

Lix is a package manager developed by Lix OpenSource. Nix is also a package manager developed by Nix OpenSource. Versions of Nix prior to 2.34.7 and Lix prior to 2.95.2 contained security vulnerabilities. These vulnerabilities stemmed from unbounded recursion in the NAR parser, which could lead t...

PT-2026-37047

Name of the Vulnerable Software and Affected Versions ipTIME NAS1dual version 1.5.24 Description A stack-based buffer overflow can be triggered remotely via the get csrf whites function within the '/cgi/advanced/misc main.cgi' endpoint. A stack-based buffer overflow occurs when a program writes...

PT-2026-37226

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains an information leak and a stack buffer overflow. An information leak occurs when a sandboxed process sends an IPC reque...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the GetRawInputDeviceInfoSlave handler in the SbieSvc proxy service, which has issues with information...