33993 matches found
Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2026-14686)
The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a stack buffer overflow vulnerability, which originates from a misbehavior of the webpage parameter of the function formReboot in the file /goform/formReboot, that can be exploited by an attacker to execute arbitrary co...
PT-2026-26312
A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc PKCS7 BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available spa...
PX4-Autopilot 安全漏洞
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities were caused by a stack-based buffer overflow issue in the MavlinkLogHandler, which could potentially allow attackers to...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a stack buffer overflow in the PKCS7 SignedData encoding function. When...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US-based wolfSSL company, designed for developers working with embedded systems. Version 5.8.4 of wolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from a stack buffer overflow issue in...
OpenWrt 安全漏洞
OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the matchipv6addresses function of the mdns daemon, which could lead to...
Important: libtiff
Issue Overview: libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144 Affected Packages: libtiff...
Important: compat-libtiff3
Issue Overview: libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144 Affected Packages:...
PT-2026-26380
Name of the Vulnerable Software and Affected Versions OpenWrt Project versions prior to 24.10.6 and versions prior to 25.12.1 Description The OpenWrt Project, a Linux operating system for embedded devices, is affected by a Stack-based Buffer Overflow in the mdns daemon. The issue resides within t...
ROS-20260319-73-0036
Vulnerability in vim related to stack buffer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2026-1641)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : libtiff, --advisory ALAS2-2026-3196 (ALAS-2026-3196)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3196 advisory. libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...
CVE-2026-32743
PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses...
CVE-2026-32743
PX4 Autopilot versions 1.17.0-rc2 and earlier are affected by a Stack-based Buffer Overflow in the MAVLink log request handling via MavlogHandler. The LogEntry.filepath buffer is 60 bytes, and paths are parsed with sscanf without a width specifier, allowing overflow when a longer path is provided...
CVE-2026-32886
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...
CVE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...
CVE-2026-32886
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...
CVE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...
CVE-2026-32886
Parse Server (Node.js) is affected by CVE-2026-32886 through a cloud function dispatch crash caused by an attacker-controlled function name traversing the JavaScript prototype chain of a registered cloud function handler, leading to a stack overflow. The root cause is prototype chain traversal du...
CVE-2026-32886 Parse Server's Cloud function dispatch crashes server via prototype chain traversal
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype...