253659 matches found
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-0300
CVE-2026-0300 is a buffer-overflow vulnerability in the PAN-OS User-ID Authentication Portal (Captive Portal) that allows unauthenticated remote code execution with root privileges on affected PA-Series and VM-Series firewalls. Exploitation has been observed in the wild when the portal is exposed...
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
EUVD-2026-27838
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
EUVD-2026-27834
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service...
CVE-2026-7900
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...
CVE-2026-41286
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service...
CVE-2026-41286
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service...
CVE-2026-41286
The CVE-2026-41286 entry concerns the WatchGuard Agent Discovery Service on Windows. A stack-based buffer overflow in the discovery component is exploitable by an unauthenticated attacker on the same local network, with the practical outcome being a crash of the agent service (Denial of Service)....
CVE-2026-43107
A flaw was found in the Linux kernel's xfrm subsystem. A remote attacker could send a specially crafted netlink message that, due to an incorrect size calculation when handling XFRMAIFID attributes, would lead to a buffer overflow. This issue could cause a kernel panic, resulting in a Denial of...
CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
BIT-JAVA-2025-6052 Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
BIT-JAVA-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...
BIT-JAVA-MIN-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
BIT-JAVA-2025-24928
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
BIT-JAVA-2024-47777 GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...