CVE-2026-5317

CVE-2026-5317 affects Nothings stb up to 1.22; vulnerable area is start_decoder in stb_vorbis.c. The issue is an out-of-bounds write caused by manipulation of data, with potential for remote execution. Public exploit exists; vendor was contacted early but did not respond. Metrics indicate exploit...

EUVD-2026-18109

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbttbufget8 in the library stbtruetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly...

EUVD-2026-18091

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

DEBIAN-CVE-2026-5316

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

DEBIAN-CVE-2026-5315

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbttbufget8 in the library stbtruetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly...

UBUNTU-CVE-2026-5315

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbttbufget8 in the library stbtruetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-5316 Nothings stb stb_vorbis.c setup_free allocation of resources

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

CVE-2026-5316 Nothings stb stb_vorbis.c setup_free allocation of resources

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

CVE-2026-5316

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

PT-2026-29791

A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update pcdb of the file /setup.cgi. The manipulation of the argument mac pc dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the...

PT-2026-29733

A vulnerability was found in SourceCodester/mayuri k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

PT-2026-29680

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

PT-2026-29692

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg tls recv cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has bee...

PT-2026-29679

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A security issue exists in vanna-ai vanna, specifically within the Chat API Endpoint component. A manipulation of the /api/vanna/v2/ file results in missing authentication. This can be exploited...

PT-2026-29748

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action set net settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument...

PT-2026-29715

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle mdns record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. ...

PT-2026-29674

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.22 Description A security flaw exists in Nothings stb, specifically within the start decoder function of the stb vorbis.c file. This flaw results in an out-of-bounds write, and can be exploited remotely. The explo...

PT-2026-29787

A vulnerability was determined in huimeicloud hm editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the atta...

PT-2026-29734

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

PT-2026-29678

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...