CVE-2025-3802 Tenda W12/i24 httpd cgiPingSet stack-based overflow

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644. It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely...

CVE-2025-3802

CVE-2025-3802 affects Tenda W12 and i24 devices (versions 3.0.0.4(2887)/3.0.0.5(3644)). The issue is a stack-based buffer overflow in the function cgiPingSet within /bin/httpd when the pingIP argument is manipulated. This vulnerability can be triggered remotely and has been publicly disclosed, wi...

CVE-2025-3785

The CVE-2025-3785 entry concerns D-Link DWR-M961 (version 1.1.36) and affects the Authorization Interface component, specifically the /boafrm/formStaticDHCP file. The root cause is improper validation of the Hostname argument, causing a stack-based buffer overflow that can be triggered remotely. ...

CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...

CVE-2025-3693 Tenda W12 httpd cgiWifiRadioSet stack-based overflow

A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-2497

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-3588

CVE-2025-3588 affects joelittlejohn jsonschema2pojo v1.2.2, specifically the apply function in org/jsonschema2pojo/rules/SchemaRule.java. The issue is a stack-based buffer overflow with local access required. The exploit has been publicly disclosed and vendor response is unavailable. Public mitig...

CVE-2025-3588 joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow...

The vulnerability of the neigh_forced_gc() function in the net/core/neighbour.c module of the Linux kernel’s networking functions allows a hacker to cause a service failure.

The vulnerability of the neighforcedgc function in the net/core/neighbour.c module, which is part of Linux’s kernel-based networking functions, is related to buffer overflows based on a stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2025-3538 D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function authasp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

CVE-2025-3538 D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function authasp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

CVE-2025-3538

CVE-2025-3538 affects D-Link DI-8100 (version 16.07.26A1) via the vulnerable jhttpd component: the function in /auth.asp named auth_asp does not properly validate the input length, allowing a stack-based buffer overflow when manipulating the argument callback . Impact is high (confidentiality, in...

Exploit for Stack-based Buffer Overflow in Ivanti Connect_Secure

CVE-2025-22457 CVE-2025-22457: Python Exploit POC Scanner to D...

CVE-2025-3289 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the manipulation of the pathtoincludes argument. Remediation There is no fixed version for stb. References - GitHub Issue...

CVE-2025-3409 Nothings stb stb_include_string stack-based overflow

A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stbincludestring. The manipulation of the argument pathtoincludes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use...

CVE-2025-3409

CVE-2025-3409 affects the Nothings stb library up to f056911, specifically the function stb_include_string. The vulnerability arises from manipulating the path_to_includes argument, causing a stack-based buffer overflow that can be exploited remotely. The project uses stb without versioning, and ...

CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow

A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/httpconn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launch...

CVE-2025-3259 Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely...