OESA-2026-1219 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 used by IBM® Db2® Big SQL 7 & 8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

Stack Overflow

ImageMagick is vulnerable to a stack overflow. The vulnerability is due to infinite recursion in the MSL Magick Scripting Language command when writing to MSL format, which allows an attacker to trigger a stack overflow and cause a denial-of-service condition...

CVE-2026-0792

ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

SUSE CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

ALGO 8180 IP Audio Alerter security vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability. This vulnerability stems from the lack of data length verification when processing SIP INVITE requests using the Replaces header, which may lead to stack buffer...

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

CVE-2025-68137

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

CVE-2025-69764

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution...

CVE-2026-1329

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2026-1329

CVE-2026-1329 affects Tenda AX1803, v1.0.0.1. A stack-based buffer overflow exists in the fromGetWifiGuestBasic function in /goform/WifiGuestSet. Attackers can remotely manipulate arguments such as guestWrlPwd, guestEn, guestSsid, hideSsid, and guestSecurity to trigger the overflow. Exploitation ...

CVE-2026-1329

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2026-1329 Tenda AX1803 WifiGuestSet fromGetWifiGuestBasic stack-based overflow

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

SUSE-SU-2026:0224-1 Security update for libtasn1

This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in asn1expendoctetstring bsc1256341...

CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2025-70645

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-70644

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub60CFC function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-70650

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-70648

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security5g parameter of the sub727F4 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...