33984 matches found
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
CVE-2026-40324
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...
JLSEC-2026-154
Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...
CVE-2026-26951
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...
CVE-2026-26951
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...
CVE-2026-26951
CVE-2026-26951 affects Dell PowerProtect Data Domain. The advisory states a stack-based buffer overflow in the product affecting: 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The vulnerability could be exploited by a high-privilege attacker with local access to achieve a...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in the morphology...
SUSE-SU-2026:1497-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the...
Security update for opensc
This update for opensc fixes the following issues: CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds heap...
SUSE-SU-2026:1477-1 Security update for opensc
This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...
EUVD-2026-23786
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
curl: Stack exhaustion in MIME multipart reading with deeply nested subparts
Summary: The MIME read path uses mutually recursive helpers for nested multipart structures without enforcing a recursion depth limit. A sufficiently deep tree of nested curlmimesubparts objects causes stack exhaustion when libcurl starts reading the MIME body. The attached PoC builds a deeply...
CVE-2026-6643 A stack-based buffer overflow vulnerability in the VPN Clients on the ADM
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
CVE-2026-6643
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
CVE-2026-6643
ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...
EUVD-2026-23747
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Both the Silex SD-330AC and Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management of...
Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞
Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.20 a...
PT-2026-33693
Name of the Vulnerable Software and Affected Versions SD-330AC affected versions not specified AMC Manager affected versions not specified Description SD-330AC and AMC Manager contain a stack-based buffer overflow in the redirect handler. This issue occurs during the processing of redirect URLs,...
PT-2026-46938
Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A stack-based buffer overflow occurs because the X server utilizes multiple stack buffers sized by XkbMaxShiftLevel XkbNumKbdGroups, but the...