CVE-2026-27821 GPAC NHML Demuxer (dmx_nhml.c) Vulnerable to Stack Buffer Overflow

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in src/filters/dmxnhml.c. The value of the xmlHeaderEnd XML attribute is copied from att-value into szXmlHeaderEnd1000 using strcpy without any length...

CVE-2026-27821

GPAC has a stack-based overflow in NHML demuxer (dmx_nhml.c) affecting versions up to 26.02.0. The parser copies the xmlHeaderEnd attribute into a 1000-byte buffer with strcpy(), enabling overflow if input exceeds 1000 bytes. A fix is available via commit 9bd7137fded2db40de61a2cf3045812c8741ec52....

PT-2026-20528

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login...

CVE-2019-25328

XnConvert 1.82 contains a denial-of-service vulnerability in the registration code input field. A crafted 9000-byte buffer of repeated characters pasted into the registration field can crash the application. The CVSS metrics indicate a high impact on availability (AVAILABILITY: HIGH) with network...

CVE-2020-37140

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...

CVE-2020-37140

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...

CVE-2020-37140 Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...

CVE-2020-37140

CVE-2020-37140 affects Everest/AIDA64 (version 5.50.2100). The vulnerability is a denial of service in the file-open dialog: a crafted 450-byte buffer of repeated characters pasted into the dialog crashes the application. Exploitation is local and requires user interaction; the attacker must inte...

CVE-2020-37140 Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigge...

CVE-2020-37136 ZOC Terminal v7.25.5 - 'Private key file' Denial of Service

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create S...

PT-2026-6583

Name of the Vulnerable Software and Affected Versions AIDA64 version 5.50.2100 Description AIDA64 version 5.50.2100 contains a denial of service issue that allows local attackers to crash the application by manipulating file open functionality. An attacker can create a 450-byte buffer of repeated...

CVE-2020-36964 YATinyWinFTP - Denial of Service

YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash...

CVE-2020-36964 YATinyWinFTP - Denial of Service

YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash...

CVE-2020-36964

YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash...

CVE-2021-47786

Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGONMOUSE device to crash the kernel driver...

DEBIAN-CVE-2021-47793

Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash...

CVE-2021-47797

CVE-2021-47797 concerns Leawo Prof. Media 11.0.0.1. A DoS vulnerability in the activation keycode handling allows an oversized payload (6000-byte, repeated characters) to crash the application when pasted into the registration interface. The CVE references PoC material in multiple sources. No pat...

CVE-2021-47793

Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash...

EUVD-2022-55749

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...

CVE-2022-50687

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...