CVE-2026-23995 EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ 16 to CAN open routines overflows ifreq.ifrname, corrupting adjacent stack data and enabling potential code execution. ...

CVE-2024-41318

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...

CVE-2024-41315

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...

Buffer Overflow

libcsp.so is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of the ifname parameter in the cspethinit function, where strcpy is used without validating input length, which allows an attacker to overflow the buffer and potentially execute arbitrary code...

EUVD-2025-13460

Malicious code in bioql PyPI...

EUVD-2025-24163

Malicious code in bioql PyPI...

EUVD-2023-42635

Malicious code in bioql PyPI...

GNU libcdio csp_eth_init function buffer overflow vulnerability

GNU libcdio is an American GNU community library for CD-ROM and CD image access. A buffer overflow vulnerability exists in GNU libcdio version 2.0, which stems from the failure of the ifname parameter in the cspethinit function to properly validate the length and size of the input data, and can b...

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

UBUNTU-CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

CVE-2025-51823

The CVE-2025-51823 entry affects libcsp 2.0. The vulnerability is a buffer overflow in the csp_eth_init() function caused by copying the interface name (ifname) into ctx->name with strcpy without validating input length. This is the underlying root cause described across multiple sources, whic...

GNU libcdio 安全漏洞

GNU libcdio is an American GNU community library for CD-ROM and CD image access. A buffer overflow vulnerability exists in GNU libcdio version 2.0, which stems from the failure of the ifname parameter in the cspethinit function to properly validate the length and size of the input data, and can b...

CVE-2024-57224

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...

CVE-2024-57227

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

CVE-2024-57222

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apclicancelwps function...

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

CVE-2010-5330

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi aka Show AP info because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSyn...

CVE-2024-57232

NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...

CVE-2024-57234

NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apclicancelwps function...