(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

CVE-2022-40876

In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution RCE...

CVE-2025-32756

A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

CVE-2025-3711

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device...

Exploit for Classic Buffer Overflow in Dlink Dsr-150_Firmware

CVE-2024-57376 Pre-auth remote code execution exploit for D-L...

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 sli...

Exploit for Out-of-bounds Write in Tenda Ac9_Firmware

CVE-2025-29384 Proof-of-Concept Exploit Overview This repo...

CVE-2025-29386

In Tenda AC9 v1.0 V15.03.05.14multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution...

CVE-2025-29385

In Tenda AC9 v1.0 V15.03.05.14multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution...

CVE-2025-21128 Substance3D - Stager | Stack-based Buffer Overflow (CWE-121)

Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-22946

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution...

CVE-2024-41882 Stack based buffer overflow

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer...

PT-2023-7586 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version US AC10V4.0si V16.03.10.13 cn Description: The issue is related to a stack overflow in the get parentControl list Info function when handling the urls parameter. This can allow a remote attacker to execute arbitrary code or...

PT-2023-5957 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. before 8.0.30 PHP versions 8.1. before 8.1.22 PHP versions 8.2. before 8.2.8 Description: The issue is caused by insufficient length checking when loading phar files, leading to a stack buffer overflow, which can result in...

CVE-2022-47385 CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution...

CVE-2023-25211

Tenda AC5 USAC5V1.0RTLV15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted payload...

SUSE CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...

CVE-2022-40876

In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution RCE...

Arbitrary Code Execution

faad2 is vulnerable to arbitrary code execution. The vulnerability exists as there is a stack-based buffer overflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or...

CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...