CVE-2026-27014

CVE-2026-27014 affects NanaZip’s ROMFS archive parser. From the provided records, versions before 6.0.1630.0 (specifically starting 5.0.1252.0 up to

CVE-2026-27014 NanZip has ROMFS Archive Infinite Loop / Stack Overflow

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop, and deeply nested directories cause unbounded recursion stack overflow in the ROMFS archive parser. Version 6.0.1630.0 patches the issue...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection bsc1257440. CVE-2026-1761: Check length of bytes read in soupfilterinputstreamreaduntil to avoid a stack-based buffer overflow...

PJSIP 资源管理错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP version 2.17, there was a resource management vulnerability. This vulnerability stemmed from t...

openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0570-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0570-1 advisory. - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc125681...

CVE-2019-25357

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute...

CVE-2019-25357 Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute...

CVE-2019-25357

CVE-2019-25357 affects Control Center PRO 6.2.9. A stack-based buffer overflow in the user creation module’s username field allows overwriting the Structured Exception Handler (SEH). An attacker can craft a payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on ...

CVE-2019-25357 Control Center PRO 6.2.9 - Local Stack Based BufferOverflow

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute...

CVE-2026-2657

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wrencompiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

CVE-2026-2657 wren-lang wren Error Message wren_compiler.c printError stack-based overflow

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wrencompiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

CVE-2026-2657

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wrencompiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

CVE-2026-2657

CVE-2026-2657 affects the Wren language (wren) up to version 0.4.0. The vulnerability is in the function printError within src/vm/wren_compiler.c of the Error Message Handler, where manipulation can cause a stack-based buffer overflow. The advisory notes a local attack vector and that an exploit ...

CVE-2026-2657 wren-lang wren Error Message wren_compiler.c printError stack-based overflow

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wrencompiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclos...

MGASA-2026-0042 Updated vim packages fix security vulnerability

Vim has a Netbeans specialKeys Stack Buffer Overflow. CVE-2026-26269...

Updated vim packages fix security vulnerability

Vim has a Netbeans specialKeys Stack Buffer Overflow. CVE-2026-26269...

CVE-2026-2329

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

CVE-2026-2329 Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol VoIP phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can...

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...