CVE-2025-14992

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the...

CVE-2025-14992 Tenda AC18 HTTP Request GetParentControlInfo strcpy stack-based overflow

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the...

CVE-2025-14992

CVE-2025-14992 affects Tenda AC18 firmware 15.03.05.05. The vulnerability is a stack-based overflow in the HTTP Request Handler’s GetParentControlInfo, caused by unsafe handling of the mac argument in strcpy. Remote exploitation is possible and exploits have been publicly disclosed. Public source...

OSV-2025-1001 Dynamic-stack-buffer-overflow in _ox_err_set_with_location

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=470447384 Crash type: Dynamic-stack-buffer-overflow READ 1 Crash state: oxerrsetwithlocation readtext readelement...

Tenda AC18 安全漏洞

Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from an improper handling of the parameter mac in the strcpy function of the file /goform/GetParentControlInfo in the component HTTP Request Handler, which may result in a...

Tenda FH1206和Tenda FH1201 安全漏洞

The Tenda FH1206 and Tenda FH1201 are both wireless routers from Tenda China. A security vulnerability exists in the Tenda FH1206 and Tenda FH1201 versions 1.2.0.14408 and 1.2.0.88155, which originates from the handling of the parameter webSiteId by the strcat function in the file...

PT-2025-52600

Name of the Vulnerable Software and Affected Versions Tenda WH450 version 1.0.0.18 Description A security issue exists in Tenda WH450 version 1.0.0.18 related to a stack-based buffer overflow. The issue is located within the HTTP Request Handler component, specifically in the file /goform/L7Im...

Tenda AC18 安全漏洞

Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from the improper handling of the parameter scanList in the sprintf function of file /goform/SetDlnaCfg in the component HTTP Request Handler, which could result in a stack...

SUSE CVE-2025-34450

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

CVE-2025-8065

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP reque...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libxml2 (UTSA-2025-991295)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991295 advisory. Uncontrolled recursion inXPath evaluationin libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...

CVE-2025-34450

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

EUVD-2025-204612

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVE-2025-14964

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVE-2025-14964

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVE-2025-14964 TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVE-2025-14964 TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote...

CVE-2025-14879

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssidindex causes stack-based buffer overflow. It is possible to initiate the attack remotely. The explo...

CVE-2025-14878

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2025-34451

A flaw was found in proxychains-ng. An attacker can exploit a stack-based buffer overflow vulnerability in the proxyfromstring function by providing crafted proxy configuration entries containing overly long username or password fields. This can lead to memory corruption or application crashes,...