kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

PT-2026-44494

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm unpack 24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

PT-2026-44386

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 001 Description A stack buffer overflow exists in four AEAD decrypt verify helpers. The XS routines gcm decrypt verify, ccm decrypt verify, chacha20poly1305 decrypt verify, and eax decrypt verify copy a...

XCharge C6 安全漏洞

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. The XCharge C6 has a security vulnerability, which stems from a stack-based buffer overflow in the signal processing logic. Attackers can exploit this vulnerability by physically...

PT-2026-44296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an exiting task that experiences an oops a kernel panic that does not require a full system reboot can be preempted during the execution of do task dead. This occur...

PT-2026-44272

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow occurs in the target tg pt gp members show function when formatting LUN paths using snprintf into a 256-byte stack buffer. Because iSCSI IQN names can reach 223 bytes,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the rtnlfillvfinfo function in rtnetlink does not initialize the iflavfbroadcast...

Linux Distros Unpatched Vulnerability : CVE-2026-46063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack...

RockyLinux 9 : python3.12 (RLSA-2026:19177)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19177 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

CryptX 安全漏洞

CryptX is a open-source cryptographic toolkit developed by DCIT, based on various encryption algorithms. Versions of CryptX prior to 0.088001 contained security vulnerabilities. These vulnerabilities stemmed from stack buffer overflows in four AEAD decryption validation functions, which could all...

PT-2026-44255

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack information leak exists in the rtnl fill vfinfo function. The function declares a struct ifla vf broadcast on the stack without initialization. This structure contains a 32-byte...

PT-2026-44305

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel stack memory leak occurs in the pseries/papr-hvpipe component. The hdr variable is allocated on the stack, but only hdr.version and hdr.flags are explicitly initialized. Since t...

GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

exploit-lab

Exploit Development Lab — From Stack Smash to Kernel 0-Day 20...

CVE-2026-8362

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-9348

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...

CVE-2026-24200

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code executi...

CVE-2026-46063

A flaw was found in the Linux kernel. A deadlock can occur during the shadow stack signal return shstk sigreturn process on x86 systems. This happens when the kernel attempts to read the shadow stack signal frame, and a page fault occurs, leading to a recursive attempt to acquire an mmap read loc...