CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-1871 Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

CVE-2026-10188

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-10187

A vulnerability was detected in Totolink N300RH 6.1c.1353B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is...

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 - Security Buffer Overflow Quick Usage...

CVE-2026-10047 Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

CVE-2026-10047

The CVE-2026-10047 entry describes an out-of-bounds write in Bitdefender Napoca bare-metal hypervisor’s real-mode hook handler (napoca/kernel/handler.c). The vulnerability arises from using a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds check...

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

SUSE-SU-2026:21980-1 Security update for rsync

This update for rsync fixes the following issues - CVE-2025-10158: Out of bounds array access via negative index bsc1254441. - CVE-2026-29518: Symlink-Race TOCTOU in Daemon use chroot = no bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. -...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...

SUSE-SU-2026:2225-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write. bsc1266302 Font Alias Stack-based Buffer Overflow. bsc1266294 GLX ChangeDrawableAttributes Out-Of-Bounds...

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

CVE-2026-10064

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument specialname results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVE-2026-10179

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

SUSE CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...