Important: python3.11

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

CVE-2018-25303

Allok Video to DVD Burner 2.6.1217 is affected by a stack-based buffer overflow in the License Name field that enables local code execution via SEH overwrite. An input of ~780 junk bytes followed by SEH chain pointers and shellcode can be pasted into the License Name field during registration to ...

CVE-2018-25303 Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input string with 780 bytes of junk...

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

CVE-2026-28221

CVE-2026-28221 – Wazuh pre-auth stack-based buffer overflow is confirmed in wazuh-remoted’s print_hex_string(). From versions 4.8.0 to before 4.14.4, attacker-controlled bytes are formatted with sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on signed-char platforms, causing sign-extension and an out...

EUVD-2026-26270

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

CLSA-2026-1777465067 binutils: Fix of CVE-2021-3826

CVE-2021-3826: fix heap/stack buffer overflow in libiberty d-demangle dlangsymbolbackref...

CVE-2026-0206

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall...

EUVD-2026-26256

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

JLSEC-2026-297

HDF5 through 1.14.3 contains a stack buffer overflow in H5Rdecodeheap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-291

HDF5 through 1.14.3 contains a stack buffer overflow in H5FLarrmalloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-15467 DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart

Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...

BIT-THRIFT-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015467 advisory. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c...

Allok Video Converter 安全漏洞

Allok Video Converter is a video encoding tool developed by Allok Corporation. Version 2.6.1217 of Allok Video Converter contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow issue, which could allow local attackers to overwrite execution code by triggerin...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.8.0 to 4.14.4 contained security vulnerabilities. These...

FreeBSD -- pf can overflow the stack parsing crafted SCTP packets

Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a stack buffer overflow issue after authentication. This vulnerability may allow...