53 matches found

Vulnrichment
added 2 days ago, 1 view

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5 AI score, 0.00053 EPSS
Exploits: 0, References: 2

NVD
added 5 days ago, 10 views

CVE-2026-10126

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has...

9 CVSS, 0.00041 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2026/05/14 3:28 a.m., 5 views

SUSE CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter...

9.3 CVSS, 6 AI score, 0.02001 EPSS
Exploits: 4, References: 5

EUVD
added 2026/03/28 12:30 p.m., 2 views

EUVD-2016-10850

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6 CVSS, 6.7 AI score, 0.00025 EPSS
Exploits: 0, References: 4

NVD
added 2026/03/28 12:16 p.m., 0 views

CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...

8.6 CVSS, 0.00025 EPSS
Exploits: 0, References: 3

NVD
added 2026/03/28 12:15 p.m., 0 views

CVE-2016-20040

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and...

8.6 CVSS, 0.00025 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/03/28 11:58 a.m., 21 views

CVE-2016-20043 NRSS RSS Reader 0.3.9-1 Stack Buffer Overflow

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

8.6 CVSS, 0.00018 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2026/03/28 11:58 a.m., 1 view

CVE-2016-20040 TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and...

8.6 CVSS, 6.3 AI score, 0.00025 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/03/26 12:0 a.m., 1 view

PT-2026-28668

Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A stack-based buffer overflow exists in the POST Request Handler component of Tenda AC5 version 15.03.06.47. The issue is located in the formWifiWpsOOB function within the /goform/WifiWpsOOB file...

9 CVSS, 6.3 AI score, 0.00106 EPSS
Exploits: 1, References: 8

OSV
added 2026/02/26 4:27 p.m., 2 views

GO-2026-4543 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow in github.com/gofiber/fiber

Fiber has a Denial of Service Vulnerability via Route Parameter Overflow in github.com/gofiber/fiber...

7.5 CVSS, 5.4 AI score, 0.00082 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/02/24 9:5 p.m., 5 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9 CVSS, 5.6 AI score, 0.00082 EPSS
Exploits: 1, References: 4

CVE
added 2026/02/24 9:5 p.m., 8 views

CVE-2026-25882

Summary: CVE-2026-25882 affects the Go web framework Fiber (v2 and v3). The issue arises from missing validation during route registration combined with an unbounded array write during request matching, enabling a denial-of-service by sending requests to routes with more than 30 parameters. The v...

7.5 CVSS, 5.6 AI score, 0.00082 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/02/24 9:5 p.m., 5 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits: 1, References: 6

Cvelist
added 2026/02/24 9:5 p.m., 19 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9 CVSS, 0.00082 EPSS
Exploits: 1, References: 4

OSV
added 2026/02/24 9:4 p.m., 3 views

GHSA-MRQ8-RJMW-WPQ3 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route registration combined with an unbounded array write during...

8.2 CVSS, 6 AI score, 0.00082 EPSS
Exploits: 1, References: 7

Packet Storm
added 2026/02/13 12:0 a.m., 356 views

OpenSSL 3.x PKCS#12 PBMAC1 KeyLength Buffer Overflow

This proof of concept demonstrates a buffer overflow vulnerability in OpenSSL versions 3.4 to 3.6 related to improper handling of the PBMAC1 keyLength parameter in PKCS12 files. By crafting a malicious PKCS12 structure with an excessively large keyLength value, the proof of concept triggers a...

9.8 CVSS, 6.4 AI score, 0.02889 EPSS
Exploits: 7

EUVD
added 2026/01/21 12:0 a.m., 2 views

EUVD-2026-3653

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

7.5 CVSS, 5.6 AI score, 0.00125 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/01/19 12:0 a.m., 1 view

TOTOLINK LR350 security vulnerabilities

TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “ssid” in the file /cgi-bin/cstecgi.cgi, which may lead to a buffer overflow...

9 CVSS, 7.7 AI score, 0.00211 EPSS
Exploits: 1, References: 5

CNVD
added 2025/10/31 12:0 a.m., 1 view

TOTOLINK A3300R lang parameter buffer overflow vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter lang in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length of the...

9 CVSS, 9 AI score, 0.00287 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/10/27 10:2 a.m., 2 views

CVE-2025-12260 TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to...

9 CVSS, 8.9 AI score, 0.00314 EPSS
Exploits: 1, References: 5