CVE-2025-37169

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVE-2025-37169 Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

CVE-2026-21224

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVE-2025-71023

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-70753

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security5g parameter of the sub4CA50 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-71026

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-71024

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-70753

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security5g parameter of the sub4CA50 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-71023

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-71024

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-71025

Tenda AX-3 v16.03.12.10CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

Astra Linux – Vulnerability in libxml2

Uncontrolled recursion occurs during XPath evaluation in libxml2, including in versions up to and including 2.9.14. This allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr reset t...

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick failed to detect circular references between two MVGs, resulting in a stack overflow issue. This is a DoS vulnerability, and any situation that allows reading the mvg...

Astra Linux – Vulnerability in libmodbus

A stack-based buffer overflow vulnerability exists in libmodbus v3.1.10; it allows for the overflow of the buffer allocated for Modbus responses if the function attempts to respond to a Modbus request with an unexpected length...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData messages with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing a Denial of Service, or potentially remote code execution. When parsing CMS...