253407 matches found
CVE-2026-9460
A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...
CVE-2026-9442
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
CVE-2026-46149
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...
UBUNTU-CVE-2026-46198
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buffpos Fixing an integer overflow present in batadvivogmsendtoif. The size check is done using the int type in batadvivogmaggrpacket whereas the buffpos variable uses the s16 type. This could...
UBUNTU-CVE-2026-46149
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...
EUVD-2026-32776
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...
CVE-2026-46149
Summary: CVE-2026-46149 affects the Linux kernel SCSI target subsystem, specifically the configfs path in tg_pt_gp_members_show(). The function formats LUN paths with snprintf() into a 256-byte stack buffer and then copies cur_len bytes via memcpy(), but snprintf() may return a length that exceed...
CVE-2026-46149
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
CVE-2026-8834
IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...
Self-Researched-POC
NGINX ngxhttpr...
SUSE CVE-2026-44988
LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...
SUSE CVE-2026-45878
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper functions were using a signed int and checked bits by shifting with watchid...
CVE-2026-45878
A flaw was found in the Linux kernel's AMD KFD Kernel Fusion Driver component. A local user could exploit a boundary error in the debug address watch v2 functionality by providing a specially crafted watchid. This could lead to a buffer overflow, potentially allowing memory access outside of...
kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...
CVE-2026-8915
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...
CVE-2026-8915
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...
EUVD-2026-32679
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...