CVE-2026-6240

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

CVE-2026-6240 Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

CVE-2026-36785

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-7164

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

CVE-2026-30363

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function...

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

CVE-2026-41963

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-10528

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

CVE-2026-36837

TOTOLINK A3002RU V3 = V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function...

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVE-2026-45250

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

CVE-2026-42485

AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3 bytes,...

CVE-2026-37530

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...

CVE-2026-34852

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-5525

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

CVE-2026-41287

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service...

CVE-2026-32955

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device...

CVE-2026-5992

A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed an...