EUVD-2026-11591

A security vulnerability has been detected in Tenda i12 1.0.0.62204. The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

DEBIAN-CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

UBUNTU-CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVE-2026-32141

The CVE concerns the flatted library (circular JSON parser). Before version 3.4.0, flatted.parse() uses a recursive revive() phase to resolve circular references; crafted payloads with deeply nested or self-referential $ indices can cause unbounded recursion, leading to a stack overflow that cras...

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVE-2026-4043

A security vulnerability has been detected in Tenda i12 1.0.0.62204. The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

CVE-2026-4043 Tenda i12 wifiSSIDget formwrlSSIDget stack-based overflow

A security vulnerability has been detected in Tenda i12 1.0.0.62204. The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

CVE-2026-4043 Tenda i12 wifiSSIDget formwrlSSIDget stack-based overflow

A security vulnerability has been detected in Tenda i12 1.0.0.62204. The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...

CVE-2026-4043

CVE-2026-4043 describes a stack-based buffer overflow in the Tenda i12 firmware 1.0.0.6(2204), caused by the function formwrlSSIDget in the file /goform/wifiSSIDget . The issue can be triggered remotely and has been publicly disclosed, indicating exploitability. Affected component: WiFi SSID retr...

CVE-2026-4042

A weakness has been identified in Tenda i12 1.0.0.62204. The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made...

CVE-2026-4042 Tenda i12 WifiMacFilterGet formWifiMacFilterGet stack-based overflow

A weakness has been identified in Tenda i12 1.0.0.62204. The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made...

CVE-2026-4042 Tenda i12 WifiMacFilterGet formWifiMacFilterGet stack-based overflow

A weakness has been identified in Tenda i12 1.0.0.62204. The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made...

CVE-2026-4042

CVE-2026-4042 affects Tenda i12 firmware 1.0.0.6(2204). The flaw is in the function formWifiMacFilterGet (file /goform/WifiMacFilterGet), where argument index manipulation causes a stack-based buffer overflow. The description indicates the vulnerability may be exploited remotely and that the expl...

CVE-2026-4041

A security flaw has been discovered in Tenda i12 1.0.0.62204. Impacted is the function vosstrcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and m...

CVE-2026-4041 Tenda i12 exeCommand vos_strcpy stack-based overflow

A security flaw has been discovered in Tenda i12 1.0.0.62204. Impacted is the function vosstrcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and m...

CVE-2026-4041

CVE-2026-4041 affects Tenda i12 (firmware 1.0.0.6(2204)). The vulnerability is in the vos_strcpy function of /goform/exeCommand, where an input cmdinput can cause a stack-based buffer overflow. Impact is high (confidentiality, integrity, availability), with remote exploitation possible and no use...

ImageMagick has stack buffer overflow in MagnifyImage

MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack...