CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

CVE-2026-32928

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

CVE-2026-32925

CVE-2026-32925 affects FUJI Electric V-SFT: stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom for versions

CVE-2026-32925

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

CVE-2026-5204

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CLSA-2026-1774999144 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

SUSE-SU-2026:20989-1 Security update for kea

This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...

CLSA-2026-1774997937 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

OpenSC: Stack-buffer-overflow WRITE in card-oberthur

...

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

...

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities arise from failing to detect or prevent...

PT-2026-29646

CVE-2026-32925 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary co… https://t.co/5nss7YAOEB...

PT-2026-29649

CVE-2026-32928 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData:: conv AnimationItem. Opening a crafted V7 file may lead to arbitrary … https://t.co/R460FJw3tQ...

Medium: python

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

Amazon Linux 2 : python, --advisory ALAS2-2026-3218 (ALAS-2026-3218)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3218 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |=...

SUSE SLES15 Security Update : libjxl (SUSE-SU-2026:1154-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1154-1 advisory. This update for libjxl fixes the following issue: - CVE-2024-11498: Resource exhaustion via Stack overflow in libjxl bsc1233785. Tenable has extracted...

SUSE CVE-2025-49010

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

SUSE CVE-2025-66215

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...

CVE-2026-34555

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow SBO in CIccTagFixedNum::GetValues and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a...