37 matches found
CVE-2026-35716
A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...
CVE-2026-35717
A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...
PT-2026-45775
Name of the Vulnerable Software and Affected Versions VIVOTEK FD8136 version FD8136-VVTK-0300a Description A stack-based buffer overflow occurs in the motion privacy.cgi binary. Authenticated remote attackers can execute arbitrary code with root privileges by sending an oversized n1 parameter in ...
CVE-2026-35717
A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...
CVE-2026-35716
A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...
CVE-2026-35717
CVE-2026-35717 affects VIVOTEK FD8136 firmware FD8136-VVTK-0300a, specifically the export_language.cgi endpoint. The vulnerability is a stack-based buffer overflow where the handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byt...
CVE-2026-37530
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The senddiagnosticrequest function in uds.c allocates a 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 but copies up to 7 bytes MAXUDSREQUESTPAYLOADLENGTH=7 via memcpy at an offset of 1+pidlength 2-3...
Defending Buffer Overflows in WebAssembly: A Transpiler Approach
WebAssembly is quickly becoming a popular compilation target for a variety of code. However, vulnerabilities in the source languages translate to vulnerabilities in the WebAssembly binaries. This work proposes a methodology and a WebAssembly transpiler to prevent buffer overflows in the unmanaged...
SUSE CVE-2025-68670
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
UBUNTU-CVE-2025-68670
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000898)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000898 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002680)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002680 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
EUVD-2023-47228
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-1000410
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
CVE-2023-42801
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...
Exploit for CVE-2025-29329
CVE-2025-29329 - Sagemcom F@st 3686 ippprint Buffer Overflow R...
Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband i.e., modem refers to a processor on the device that's responsible for handling all connectivity, su...
CVE-2020-8006
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In...
CVE-2020-8006
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In...
CVE-2023-42801
Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...