CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

CVE-2026-22189 Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...

CVE-2026-22189 Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...

PT-2026-2163

Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16 Description The software contains a stack-based buffer overflow issue because of the use of an unbounded sprintf call with input controlled by an attacker. When creating glyph filenames, the softwar...

CVE-2025-14995

A vulnerability has been found in Tenda FH1201 1.2.0.14408. Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

CVE-2025-14995 Tenda FH1201 SetIpBind sprintf stack-based overflow

A vulnerability has been found in Tenda FH1201 1.2.0.14408. Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

CVE-2025-14995

The CVE describes a stack-based buffer overflow in Tenda FH1201 routers (version 1.2.0.14(408)) caused by mis-handling of the page parameter in the sprintf call in /goform/SetIpBind. The issue can be triggered remotely, with public PoC/exploit disclosures and active exploitation reported by multi...

CVE-2025-14993

Mode C: The CVE-2025-14993 affects Tenda AC18 v15.03.05.05 in the HTTP Request Handler’s SetDlnaCfg, where improper handling of the scanList argument in sprintf causes a stack-based buffer overflow. This vulnerability is exploitable remotely, and multiple sources indicate a public exploit exists....

Tenda FH1201 安全漏洞

Tenda FH1201 is a wireless router from Tenda China. A security vulnerability exists in Tenda FH1201 version 1.2.0.14408, which originates from the sprintf function in file /goform/SetIpBind improperly handles the parameter page, which could result in a stack buffer overflow...

CVE-2025-14964

The CVE-2025-14964 entry affects TOTOLINK T10 firmware version 4.1.8cu.5083_B20200521. The vulnerability arises from improper handling of the loginAuthUrl parameter in the /cgi-bin/cstecgi.cgi function sprintf, enabling a stack-based buffer overflow that can be triggered remotely. Several connect...

CVE-2025-14964 TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

EUVD-2025-200236

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated in...

EUVD-2025-200234

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...

EUVD-2025-200232

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...

PT-2025-48674

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. The ShowMeterDatabase function copies user-controlled input into a fixed-size buffer using sprintf...

PT-2025-48670

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...

PT-2025-48675

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...

CVE-2025-60691

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The applycgi and blockcgi functions copy user-supplied input from the "url" CGI parameter into stack buffers v36, v29 using sprintf without bounds checking. Because these buffe...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990343 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function...

EUVD-2022-54959

In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfsemit instead of sprintf sprintf still used in the MMC core for the sysfs output is vulnerable to the buffer overflow. Use the new-fangled sysfsemit instead. Found by Linux Verification Center linuxtesting.org...