PT-2026-35929

Name of the Vulnerable Software and Affected Versions Text::CSV XS versions prior to 1.62 Description A use-after-free issue exists when registered callbacks extend the Perl argument stack, potentially leading to type confusion or memory corruption. The Parse, print, getline, and getline all...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015461 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick...

PT-2026-36012

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 15.0-RELEASE-p7 FreeBSD versions prior to 14.4-RELEASE-p3 FreeBSD versions prior to 14.3-RELEASE-p12 FreeBSD versions prior to 13.5-RELEASE-p13 FreeBSD versions from 2013 through 13.4.x Description An operator...

Text::CSV_XS -- CWE-825 Expired Pointer Dereference

H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...

FreeBSD -- Stack overflow via select() file descriptor set overflow

Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...

FreeBSD -- pf can overflow the stack parsing crafted SCTP packets

Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libtiff (UTSA-2026-014369)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014369 advisory. libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. Tenable has extracted the preceding description block...

CLSA-2026-1777396174 perl-XML-Parser: Fix of CVE-2006-10003

CVE-2006-10003: fix off-by-one heap buffer overflow in stserialstack growth check in Expat/Expat.xs startElement; also backport upstream follow-up 2abd177 to initialize stserialstacksize=1024 after allocation...

JLSEC-2026-282

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt called from nc4getatttc and ncgetatttext and in uffdcleanup called from netCDFDataset::netCDFDataset and netCDFDataset::netCDFDataset...

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the dispatch process. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers excessive recursive calls...

Kea: Kea: Denial of Service via maliciously crafted message

A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41606

CVE-2026-41606 describes an Uncontrolled Recursion vulnerability in Apache Thrift affecting versions prior to 0.23.0 . The issue is triggered in the Thrift stack (specific component/file not disclosed in the provided documents) and can be remedied by upgrading to 0.23.0 or later. The available so...

Exploit for Stack-based Buffer Overflow in Asustor Data_Master

CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...

PT-2026-45096

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-432BRP version 3.10B20 Description A stack-based buffer overflow occurs due to the manipulation of the filter name argument within the formSetMACFilter function located in the /goform/formSetMACFilter file. This allows for remote...

Cista 代码问题漏洞

Cista is a C++ data serialization and reflection tool developed by Felix Gündling. Versions of Cista prior to 0.15 contained code vulnerabilities. These vulnerabilities stemmed from unsafe deserialization of untrusted inputs, which could lead to stack address leaks and bypassing ASLR protection...

EUVD-2025-209582

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...