SUSE CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

CVE-2026-29972

nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recvreadregistersres in nanomodbus.c. When a client calls nmbsreadholdingregisters or nmbsreadinputregisters, the library writes register data from the server response to the caller-provided buffer based on the response's bytecount...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the bin2hex parameter in the q54sj108a2debugfsread function, which leads to a stack buffer...

PT-2026-38866

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

PT-2026-39041

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The q54sj108a2 debugfs read function contains a stack buffer overflow. This occurs because incorrect arguments are passed to the bin2hex function, where the destination and source buffer...

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

PT-2026-38665

Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow occurs in the formSetPPTPServer function within the '/goform/SetPptpServerCfg' file. This issue allows for remote execution of an attack. Recommendations At the moment,...

CVE-2026-29972

nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recvreadregistersres in nanomodbus.c. When a client calls nmbsreadholdingregisters or nmbsreadinputregisters, the library writes register data from the server response to the caller-provided buffer based on the response's bytecount...

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-42241

ParquetSharp (a .NET library for Parquet) has a vulnerability in DecimalConverter.ReadDecimal from 18.1.0 up to before 23.0.0.1 where a stackalloc is performed using an attacker‑supplied width, allowing stack overflow if a decimal column width is unreasonably large. In a service environment, this...

CVE-2026-42241 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

EUVD-2026-28430

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-42241

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

CVE-2026-42241 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this...

JLSEC-2026-485

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function...

CVE-2026-42482

A flaw was found in hashcat. A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or...

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

CLSA-2026-1778142360 jq: Fix of 2 CVEs

CVE-2026-33947: limit path depth in jvsetpath, jvgetpath, and jvdelpaths to prevent stack overflow from deep path arrays - CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks...

CLSA-2026-1778128255 wireshark: Fix of 8 CVEs

CVE-2022-0585: fix large/infinite loops in multiple dissectors AMP, ATN-ULCS, BP, GDSDB, PMUL, WAP, ZigBee ZCL, OpenFlow v5/v6, IPDC, TDS, ASN.1 PER, FTUINTBYTES/STRING - CVE-2022-4344: fix Kafka dissector memory exhaustion via decompression/loop bounds - CVE-2023-0666: fix RTPS dissector...

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...