
4 matches found

Cvelist
added 2026/01/12 11:2 p.m. | 20 views

CVE-2026-22212 TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy and strcat functions when constructing device paths during automatic device discovery. A local attacker can exploit this by...

CVSS 4.8 | EPSS 0.00018
Exploits: 0 | References: 3
CVE
added 2026/01/12 11:2 p.m. | 13 views

CVE-2026-22212

CVE-2026-22212 concerns TinyOS up to 2.1.2, where the mcp2200gpio utility is vulnerable to a stack-based buffer overflow. The root cause is unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery, allowing a local attacker to craft filenames under /dev...

CVSS 4.8 | AI score 6.7 | EPSS 0.00018
Exploits: 0 | References: 3
Veracode
added 2025/08/21 7:3 a.m. | 4 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...

CVSS 9.8 | AI score 9.2 | EPSS 0.02893
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/05/26 12:0 a.m. | 1 view

The vulnerability of the HttpServletRequest.getParameter() function in the centralized multimedia content management system MagicINFO 9 allows a hacker to execute arbitrary code.

The vulnerability of the HttpServletRequest.getParameter function in the MagicINFO 9 centralized multimedia content management system is related to the improper creation of a file system path by combining a permanent directory, a temporary marker, and the fileName parameter. Exploiting this...

CVSS 9 | AI score 8.5 | EPSS 0.69151
Exploits: 3 | References: 9 | Affected Software: 1