CVE-2026-42904

CVE-2026-42904 is a Windows TCP/IP heap-based buffer overflow vulnerability that allows an unauthenticated attacker on an adjacent network to elevate privileges. The issue affects the Windows TCP/IP stack and is identified as a 9.6 (CRITICAL) CVSSv3.1 Base Score with attacker-friendly characteris...

CVE-2026-45463

CVE-2026-45463 describes a heap-based buffer overflow in Microsoft Office that allows an attacker with local access to execute code on the affected system. The sources identify Microsoft Office and classify the flaw as a heap-based overflow with high impact (CVSSv3.1: 8.4, LOCAL access, no user i...

CVE-2026-48563

CVE-2026-48563 describes a heap-based buffer overflow in the Remote Desktop Client that enables an unauthenticated attacker to execute code over the network. The accompanying metrics indicate a high-severity impact (CVSS 3.1 base score 7.5) with attacker control over network access, requiring use...

CVE-2026-45648

The CVE-2026-45648 entry pertains to a stack-based buffer overflow in Windows Active Directory Domain Services that allows an authorized network attacker to execute code. Affected component is Active Directory Domain Services; root cause is a buffer overflow vulnerability. Impact is remote code e...

CVE-2026-44819

CVE-2026-44819 affects Microsoft Office and is described as a heap-based buffer overflow that allows a local attacker to execute code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user interaction, with a high impact on confidentiality, integrit...

CVE-2026-46332

A flaw was found in the Linux kernel's Greybus subsystem, specifically in the gb-beagleplay driver. The cc1352bootloaderrx function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This...

CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

CVE-2026-0413 Buffer overflow vulnerability in certain NETGEAR Nighthawk routers

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0413 Buffer overflow vulnerability in certain NETGEAR Nighthawk routers

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0413

The CVE-2026-0413 entry covers a buffer overflow caused by insufficient input validation in certain NETGEAR Nighthawk routers. Affected: NETGEAR Nighthawk models referenced in the entry (routers listed in the references). Vulnerable condition: buffers not properly validated, enabling an authentic...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-11516

A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used...

CVE-2026-11523

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

CVE-2026-11522

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-11517

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-11503

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...

CVE-2026-11504

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally...