SUSE CVE-2026-29628

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

CVE-2026-29628

A flaw was found in tinyobjloader. A stack overflow vulnerability exists in the experimental/tinyobjloaderopt.h file. A remote attacker could exploit this by supplying a specially crafted .mtl file. This could lead to a Denial of Service DoS, making the application unavailable...

EUVD-2026-21926

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

CVE-2026-29628

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

CVE-2026-29628

The CVE affects the tinyobjloader project, where a stack overflow in the experimental/tinyobj_loader_opt.h file (commit d56555b) can be triggered by a specially crafted .mtl file, leading to a Denial of Service. Evidence across multiple feeds (NVD, SUSE, Red Hat, ENISA, PT-Security, etc.) confirm...

CVE-2026-29628

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

CVE-2025-14802 LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...