CVE-2026-3222

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'locationid' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCodeModelBase::iscolumn treating user input wrapped in backticks as column...

CVE-2026-3974

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

CVE-2026-3555

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this...

CVE-2026-3975

A security flaw has been discovered in Tenda W3 1.0.0.32204. This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wlradio results in stack-based buffer overflow. It is possible ...

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVE-2026-4627

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handlerupdatesystemtime of the file libdeuteronmodules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

CVE-2026-4529

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirectcountdownpage of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This...

CVE-2026-4551

A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is...

CVE-2026-4008

A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...

CVE-2019-25628

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and...

CVE-2019-25650

River Past CamDo 3.7.6 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...

CVE-2018-25218

PassFab RAR Password Recovery 9.3.2 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into...

CVE-2019-25650 River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow

River Past CamDo 3.7.6 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...

CVE-2019-25650 River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow

River Past CamDo 3.7.6 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...

CVE-2019-25650

River Past CamDo 3.7.6 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...

CVE-2018-25218 PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow

PassFab RAR Password Recovery 9.3.2 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into...

CVE-2018-25217

CVE-2018-25217 affects PDF Explorer 1.5.66.2. The issue is a structured exception handler (SEH) overflow in processing the Label field within the Custom fields settings dialog, enabling local code execution by overwriting SEH records with a crafted payload (buffer overflow, NSEH jump, and ROP gad...

CVE-2018-25217 PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVE-2018-25212

The CVE-2018-25212 entry concerns Boxoft wav-wma Converter 1.0, which reportedly contains a local buffer overflow vulnerability in structured exception handling. An attacker can craft WAV files with excess data and ROP gadgets to overwrite the SEH chain, enabling arbitrary code execution on Windo...

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...