33993 matches found

CVE
added 2026/03/26 8:18 a.m. | 9 views

CVE-2026-4861

CVE-2026-4861 affects Wavlink WL-NU516U1 (260227) via the /cgi-bin/nas.cgi, function ftext. The issue arises from manipulating the Content-Length argument, triggering a stack-based buffer overflow. Exploitation is remote and public, with a proof-of-concept in CVSS data. Impact indicators show hig...

CVSS 9 | AI score 8 | EPSS 0.0085
Exploits: 1 | References: 4 | Affected Software: 1

Microsoft CVE
added 2026/03/26 8:2 a.m. | 6 views

bpf: Fix stack-out-of-bounds write in devmap

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

NVD
added 2026/03/26 7:16 a.m. | 2 views

CVE-2026-4747

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not...

CVSS 8.8 | EPSS 0.01436
Exploits: 3 | References: 3

ATTACKERKB
added 2026/03/26 6:21 a.m. | 2 views

CVE-2026-4747

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not...

CVSS 8.8 | AI score 6.8 | EPSS 0.01436
Exploits: 3 | References: 2

SUSE Linux
added 2026/03/26 5:4 a.m. | 2 views

Security update for vim

This update for vim fixes the following issues: Update Vim to version 9.2.0110: CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. CVE-2026-28417: crafted URL parsed by netrw plugin can...

CVSS 5.4 | AI score 7.1 | EPSS 0.01162
Exploits: 1 | References: 12

Positive Technologies
added 2026/03/26 12:0 a.m. | 2 views

PT-2026-28666

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the function formQuickIndex located in the file /goform/QuickIndex within the POST Request Handler component. Manipulation of the PPPOEPassword argument can lead to a stack-based buffe...

CVSS 9 | AI score 6.4 | EPSS 0.00918
Exploits: 1 | References: 8

Positive Technologies
added 2026/03/26 12:0 a.m. | 2 views

PT-2026-28323

Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. A flaw exists in IsoMux certificate filename handling due to an off-by-one check. This can lead to a stack-based buffer overflow when a filename length...

CVSS 8.4 | AI score 6.2 | EPSS 0.00138
Exploits: 1 | References: 4

Positive Technologies
added 2026/03/26 12:0 a.m. | 8 views

PT-2026-28328

Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. Prior to version 2026.02.0, the HomeplugMessage::setup payload function trusts the len variable after an assert check. In release builds, this check is...

CVSS 8.8 | AI score 6.6 | EPSS 0.00526
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28665

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the Tenda AC5 version 15.03.06.47 device. This issue is located within the POST Request Handler component, specifically in the fromAddressNat function of the /goform/addressNat file...

CVSS 9 | AI score 6.5 | EPSS 0.00632
Exploits: 1 | References: 8

CNNVD
added 2026/03/26 12:0 a.m. | 3 views

EVerest security vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from a minor error in the handling of the IsoMux certificate file name, which could lead to stack...

CVSS 8.4 | AI score 6 | EPSS 0.00138
Exploits: 1 | References: 1

CNNVD
added 2026/03/26 12:0 a.m. | 4 views

EVerest security vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained security vulnerabilities. These vulnerabilities were caused by stack buffer overflows during CAN interface initialization, which could lead to stack data...

CVSS 8.4 | AI score 6.3 | EPSS 0.00211
Exploits: 1 | References: 1

CNNVD
added 2026/03/26 12:0 a.m. | 3 views

Zen C buffer error vulnerability

Zen C is a modern system programming language developed by z-libs. Versions of Zen C prior to 0.4.4 contained a buffer error vulnerability. This vulnerability stemmed from a stack-based buffer overflow in the compiler, which could lead to compiler crashes or the execution of arbitrary code...

CVSS 7.8 | AI score 6.4 | EPSS 0.00239
Exploits: 1 | References: 1

CNNVD
added 2026/03/26 12:0 a.m. | 5 views

Tenda AC5 security vulnerability

Tenda AC5 is a wireless router produced by the Chinese company Tenda. Version 15.03.06.47 of Tenda AC5 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “page” in the file /goform/addressNat component’s POST Request Handler, which may lead to a...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits: 1 | References: 5

CNNVD
added 2026/03/26 12:0 a.m. | 5 views

Tenda AC5 security vulnerability

Tenda AC5 is a wireless router produced by the Chinese company Tenda. Version 15.03.06.47 of Tenda AC5 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “PPPOEPassword” in the file /goform/QuickIndex component of the POST Request Handler, which may...

CVSS 9 | AI score 7.8 | EPSS 0.00918
Exploits: 1 | References: 5

CNNVD
added 2026/03/26 12:0 a.m. | 3 views

WAVLINK WL-NU516U1 security vulnerability

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The WAVLINK WL-NU516U1 260227 version contains a security vulnerability. This vulnerability stems from incorrect handling of the Content-Length parameter in the function ftext located in the /cgi-bin/nas.cgi file. It...

CVSS 9 | AI score 7.6 | EPSS 0.0085
Exploits: 1 | References: 4

Packet Storm News
added 2026/03/26 12:0 a.m. | 4 views

FreeBSD Security Advisory - FreeBSD-SA-26:08.rpcsec_gss

FreeBSD Security Advisory - Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow...

CVSS 8.8 | AI score 6.1 | EPSS 0.01436
Exploits: 3

Positive Technologies
added 2026/03/26 12:0 a.m. | 2 views

PT-2026-28667

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A flaw exists in the Tenda AC5 version 15.03.06.47. This issue is located within the formSetCfm function of the /goform/setcfm file, part of the POST Request Handler component. Manipulation of the...

CVSS 9 | AI score 6.5 | EPSS 0.00746
Exploits: 1 | References: 8

CNNVD
added 2026/03/26 12:0 a.m. | 2 views

YAML security vulnerability

YAML is a parsing and serialization library developed by Eemeli Aro, which supports YAML 1.1 and 1.2 standards. Versions of YAML prior to 1.10.3 and 2.8.3 contain security vulnerabilities. These vulnerabilities stem from the use of depth-limited recursive function calls during node...

CVSS 4.3 | AI score 5.8 | EPSS 0.00469
Exploits: 1 | References: 4

FreeBSD Advisory
added 2026/03/26 12:0 a.m. | 6 views

FreeBSD-SA-26:08.rpcsec_gss

FreeBSD-SA-26:08.rpcsec_gss Security Advisory, The FreeBSD Project. Topic: Remote code execution via RPCSEC_GSS packet validation. Category: core. Module: rpcsec_gss. Announced:...

CVSS 8.8 | AI score 6.6 | EPSS 0.01436
Exploits: 3

OSV
added 2026/03/25 9:3 p.m. | 1 views

GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary: An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

CVSS 5.3 | AI score 6.2
Exploits: 0 | References: 3