PT-2026-30273
Summary: The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions (e.g., 2000 nested parentheses), causing a RangeError:...
EUVD-2026-18360
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the...
CVE-2026-34122
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter,...
CVE-2026-34122
Affected product: TP-Link Tapo C520WS (firmware v2.6). Vulnerability: stack-based buffer overflow in the configuration handling component due to insufficient input validation, triggered by an excessively long configuration parameter value. Impact: Denial of Service (service crash or device reboot...
CVE-2026-5350
CVE-2026-5350 affects Trendnet TEW-657BRM running 1.00.1. The flaw is in function update_pcdb within /setup.cgi, where manipulating the mac_pc_dba argument causes a stack-based buffer overflow. Attack can be launched remotely and the exploit has been released publicly. The vendor notes the produc...
CVE-2026-5349
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...
CVE-2026-5349 Trendnet TEW-657BRM setup.cgi add_apcdb stack-based overflow
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...
CVE-2026-5349
Trendnet TEW-657BRM (1.00.1) is affected by CVE-2026-5349 via the function add_apcdb in /setup.cgi. The mac_pc_dba argument manipulation causes a stack-based buffer overflow, and the vulnerability can be triggered remotely. An exploit is publicly available. The vendor notes the product has been d...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
DEBIAN-CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245
Cesanta Mongoose up to 7.20 contains a stack-based buffer overflow in the function handle_mdns_record (mongoose.c, mDNS Record Handler) caused by manipulation of the buf argument. Remote exploitation is possible; the exploit is described as difficult with a high attack complexity. A fixed version...
CVE-2026-5245 Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
SUSE CVE-2026-23404
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach. The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for i=...
EUVD-2026-18104
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...
EUVD-2026-18098
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...
TRENDnet TEW-657BRM security vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. A stack overflow vulnerability exists in the add_apcdb function of the TRENDnet TEW-657BRM, which originates from misuse of the function's mac_pc_dba parameter in the file /setup.cgi, for which no detailed vulnerability details are available...
TP-Link Tapo C520WS security vulnerability
The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2.6 version has a security vulnerability. This vulnerability stems from insufficient input validation in the configuration processing component, which may lead to a stack buffer overflow, potentiall...
PT-2026-29790
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might ...
Cesanta Mongoose security vulnerability
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...