Buffer Overflow

CVE-2026-24085 is a memory corruption vulnerability due to improper initialization of a variable when processing display command line information, potentially leading to a stack-based buffer overflow (CWE-121) and allowing a privileged attacker to achieve code execution.

A stack-based buffer overflow vulnerability (CVE-2026-10292) exists in the strcpy function of /goform/formTaskEdit in UTT HiPER 1200GW up to version 2.5.3-170306, allowing for remote code execution.

A stack-based buffer overflow vulnerability (CVE-2026-10293) exists in UTT HiPER 1200GW up to version 2.5.3-170306 due to the strcpy function in /goform/formFireWall, allowing remote exploitation via manipulation of the Profile argument.

Arm Whois 3.11 contains a buffer overflow vulnerability (CVE-2018-25432) that allows local attackers to execute arbitrary code by overwriting the structured exception handler via a crafted input file.

Arm Whois 3.11 is vulnerable to a stack-based buffer overflow (CVE-2018-25427) allowing remote attackers to execute arbitrary code by providing oversized input to the IP address or domain field.

A stack-based buffer overflow vulnerability (CVE-2026-10123) exists in TRENDnet TEW-432BRP version 3.10B20 within the formSetDomainFilter function, allowing a remote attacker to execute arbitrary code by manipulating specific arguments in a request to /goform/formSetDomainFilter.

A stack-based buffer overflow vulnerability (CVE-2026-10125) exists in the formPPPoESetup function of the /goform/formPPPoESetup file in Edimax BR-6478AC version 1.23, allowing a remote attacker to execute arbitrary code by manipulating the pppUserName argument in a POST request; a public exploit is available.

A stack-based buffer overflow vulnerability exists in Shibby Tomato up to version 1.28 in the rip_zebra_read_ipv4 function within the /usr/sbin/ripd component (Zserv Handler), allowing a remote attacker to execute arbitrary code.

WinMTR 0.91 is vulnerable to a denial-of-service attack where a malformed payload file containing a buffer overflow can crash the application (CVE-2018-25426).

TRENDnet TEW-432BRP version 3.10B20 is vulnerable to a stack-based buffer overflow via manipulation of the ip/mask/gateway arguments in the formSetRoute function of the /goform/formSetRoute file, enabling remote attackers to potentially execute arbitrary code.

CVE-2026-46072 is a buffer boundary check vulnerability in ntfs3 affecting an unspecified Microsoft product, requiring further investigation upon patch application to understand exploitation vectors and develop detections.

IBM Aspera High-Speed Transfer Endpoint and Server 3.7.4 through 4.4.7 Fix Pack 1 are vulnerable to a buffer overflow in the asperahttpd component, potentially allowing an authenticated user to execute arbitrary code.

IBM Aspera High-Speed Transfer Endpoint and Server are vulnerable to a buffer overflow in the asperahttpd component, potentially leading to denial of service, authentication bypass, or remote code execution.

A buffer overflow vulnerability exists in the AdminCenter component of Synology BeeStation Manager (BSM) and BeeStation OS before version 1.3.2-65648, allowing remote attackers to execute arbitrary code through unspecified vectors (CVE-2025-12686).

IBM HTTP Server 8.5 and 9.0 are vulnerable to a heap-based buffer overflow, allowing a privileged, authenticated user to execute arbitrary code or cause a denial of service.

A stack-based buffer overflow vulnerability (CVE-2026-9481) exists in the formStats function of the /goform/formStats file in Edimax EW-7438RPn version 1.31, allowing a remote attacker to execute arbitrary code by manipulating the submit-url argument.

Edimax EW-7438RPn version 1.31 is vulnerable to a stack-based buffer overflow (CVE-2026-9462) in the `formWpsProxyEnable` function of `/goform/formWpsProxyEnable`, triggered by manipulating the `submit-url` argument, allowing remote attackers to execute arbitrary code; a public exploit is available.

Flash Slideshow Maker Professional 5.20 is vulnerable to a buffer overflow in the registration dialog, allowing local attackers to execute arbitrary code with system privileges by exploiting structured exception handling and crafting a malicious payload for the Name and Code fields.

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability (CVE-2018-25376) in the registration dialog, allowing local attackers to execute arbitrary code by overwriting the SEH chain.

SocuSoft iPod Photo Slideshow 8.05 contains a stack-based buffer overflow vulnerability (CVE-2018-25375) in the registration dialog, allowing a local attacker to execute arbitrary code by overwriting the structured exception handler via crafted input.

SocuSoft DVD Photo Slideshow Professional 8.07 is vulnerable to a stack-based buffer overflow (CVE-2018-25373) in the registration name field, allowing local attackers to execute arbitrary code by exploiting structured exception handling.

CuteFTP 5.0 XP is vulnerable to a buffer overflow (CVE-2018-25366), allowing local attackers to execute arbitrary code by injecting a malicious payload into the Site Manager label field.

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability (CVE-2018-25360) in the Trace Route host name field, allowing local attackers to execute arbitrary code by triggering structured exception handling.

A stack-based buffer overflow vulnerability (CVE-2026-9459) exists in the formConnectionSetting function of /goform/formConnectionSetting in Edimax EW-7438RPn 1.31, allowing a remote attacker to execute arbitrary code by manipulating the max_Conn/timeOut arguments, with a public exploit available.

A remote stack-based buffer overflow vulnerability (CVE-2026-9431) exists in the fromPptpUserAdd function of the /goform/PptpUserAdd file in Tenda F1202 firmware version 1.2.0.20(408), allowing unauthenticated attackers to potentially execute arbitrary code.

A stack-based buffer overflow vulnerability (CVE-2026-9430) exists in Tenda F1202 version 1.2.0.20(408) due to manipulation of the 'dips' argument in the 'formGstDhcpSetSer' function of '/goform/GstDhcpSetSerof', allowing remote code execution.

A stack-based buffer overflow vulnerability exists in Edimax EW-7438RPn version 1.31 in the formHwSet function of the /goform/formHwSet file, which can be triggered by manipulating the Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url argument, potentially leading to remote code execution.

A buffer overflow vulnerability (CVE-2026-9393) exists in the Edit_BasicSSID_5G function of H3C Magic B0 devices up to version 100R002, allowing remote attackers to execute arbitrary code by manipulating the 'param' argument in the /goform/aspForm file.

A remote buffer overflow vulnerability (CVE-2026-9381) exists in the `formPPPoESetup` function of the Edimax BR-6675nD 1.12 router's web management interface, allowing unauthenticated attackers to potentially execute arbitrary code by manipulating the `pppUserName` argument in a POST request.

SIPp 3.6 and earlier contains a local buffer overflow vulnerability (CVE-2018-25356) in command-line argument handling, allowing local attackers to potentially crash the application or execute arbitrary code by supplying oversized input to the -3pcc, -i, or -log_file parameters.

Audiograbber 1.83 contains a local buffer overflow vulnerability (CVE-2018-25355) allowing attackers to execute arbitrary code by exploiting structured exception handling mechanisms through crafted input in the Interpret or Album fields.

A buffer overflow vulnerability exists in 10-Strike Network Scanner 3.0, allowing attackers to bypass SafeSEH protections and execute arbitrary code by crafting a malicious payload in the host name or address field and triggering the vulnerability through the Trace route or System information functions.

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code via SEH overwrite.

A buffer overflow vulnerability (CVE-2026-9294) exists in the formWanTcpipSetup function of the /goform/formWanTcpipSetup file in Edimax BR-6428NS 1.10, which can be triggered by a remote attacker manipulating the pppUserName argument via a POST request, potentially leading to arbitrary code execution.

Multiple buffer overflow vulnerabilities in ABB Terra AC Wallbox versions <=1.8.33, exploitable via Bluetooth hijacking, could allow an attacker to remotely control the device and alter its firmware.

A heap-based buffer overflow vulnerability exists in MediaArea MediaInfoLib's handling of LXF elements, potentially leading to arbitrary code execution when processing maliciously crafted media files; assigned CVE-2026-28764, CVSS 7.8.

CVE-2008-4250 is a buffer overflow vulnerability in the Microsoft Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request during path canonicalization.

A remote buffer overflow vulnerability exists in the UpdateWanParams function of the /goform/aspForm file in H3C Magic B3 devices up to version 100R002, which can be exploited by manipulating the 'param' argument, leading to potential remote code execution.

VX Search 10.6.18 contains a local buffer overflow vulnerability (CVE-2018-25328) that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field, leading to arbitrary code execution with application privileges.

Allok Fast AVI MPEG Splitter 1.2 is vulnerable to a stack-based buffer overflow, allowing local attackers to execute arbitrary code by providing a malicious license name string containing a crafted payload, leading to code execution with application privileges.

CVE-2026-0250 is a medium severity buffer overflow vulnerability in Palo Alto Networks GlobalProtect App that could allow a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges by intercepting and manipulating requests and responses between the Portal and Gateway.

CVE-2026-40399 is a stack-based buffer overflow vulnerability in the Windows TCP/IP stack, allowing an authenticated local attacker to elevate privileges.

CVE-2026-40377 is a heap-based buffer overflow vulnerability in Windows Cryptographic Services, allowing an authorized local attacker to elevate privileges.

CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon that allows an unauthorized attacker to execute arbitrary code over a network.

CVE-2026-35420 is a heap-based buffer overflow vulnerability in the Windows Kernel that allows an authorized local attacker to elevate privileges.

Adobe Illustrator versions 29.8.6, 30.3 and earlier are affected by a heap-based buffer overflow vulnerability (CVE-2026-34687) that can lead to arbitrary code execution if a user opens a malicious file.

CVE-2026-33837 is a heap-based buffer overflow vulnerability in the Windows TCP/IP stack that allows an authenticated local attacker to elevate privileges.

A buffer overflow vulnerability in Zyxel NWA1100-N firmware allows a remote attacker to cause a denial-of-service by sending a crafted HTTP request to the webs binary.

D-Link DCS-935L devices up to version 1.10.01 are vulnerable to a remote buffer overflow (CVE-2026-8260) in the HNAP service that can be triggered by manipulating the AdminPassword argument in the SetDeviceSettings function.

A stack-based buffer overflow vulnerability (CVE-2026-8234) exists in EFM ipTIME A8004T version 14.18.2, allowing remote attackers to execute arbitrary code by manipulating the security_5g argument in the formWifiBasicSet function.

CVE-2026-6665 is a buffer overflow vulnerability in the PgBouncer's SCRAM implementation that could lead to remote code execution.

A stack-based buffer overflow vulnerability exists in Dronecode PX4 Autopilot versions up to and including 1.17.0-rc2 that allows an attacker with MAVLink link access to cause a denial of service by creating a deeply nested directory via MAVLink FTP and then requesting the log list, crashing the MAVLink task.

A buffer overflow vulnerability (CVE-2026-8137) exists in the Totolink X5000R router version 9.1.0u.6369_B20230113, allowing remote attackers to execute arbitrary code via manipulation of the 'submit-url' argument in the /boafrm/formDdns file.

Tenda CX12L router version 16.03.53.12 is vulnerable to a stack-based buffer overflow in the formSetPPTPServer function of /goform/SetPptpServerCfg, allowing remote attackers to execute arbitrary code.

A buffer overflow vulnerability exists in D-Link DI-8100 version 16.07.26A1 affecting the Web Management Interface component via manipulation of the Name argument in the /url_member.asp file, enabling a remote attacker to potentially execute arbitrary code; an exploit is publicly available.

A remote buffer overflow vulnerability exists in the sprintf function of the /user_group.asp file within the CGI Handler component of D-Link DI-8100 version 16.07.26A1, potentially leading to arbitrary code execution.

A stack-based buffer overflow vulnerability exists in D-Link DI-8100 with firmware version 16.07.26A1, affecting the sprintf function in the yyxz.asp file; manipulation of the ID argument can lead to remote exploitation.

CVE-2026-25293 is a critical buffer overflow vulnerability in Qualcomm PLC FW due to incorrect authorization, potentially allowing unauthorized access and control over programmable logic controllers.

A buffer overflow vulnerability exists in Totolink N300RH version 3.2.4-B20220812, specifically affecting the setWanConfig function within the /cgi-bin/cstecgi.cgi file, allowing a remote attacker to exploit it by manipulating the priDns argument in a POST request.

A buffer overflow vulnerability exists in Totolink N300RH 3.2.4-B20220812 allowing remote attackers to execute arbitrary code by manipulating the mac_address argument in the setMacFilterRules function of the /cgi-bin/cstecgi.cgi POST request handler.

A remote buffer overflow vulnerability exists in osrg GoBGP up to version 4.3.0 within the PathAttributeAigp.DecodeFromBytes function, allowing attackers to potentially execute arbitrary code by manipulating the AIGP Attribute Parser.

A buffer overflow vulnerability exists in Totolink WA300 version 5.2cu.7112_B20190227 within the loginauth function of the /cgi-bin/cstecgi.cgi file, specifically affecting the POST Request Handler component, triggerable via manipulation of the http_host argument, and remotely exploitable with a publicly available exploit.

A remote buffer overflow vulnerability exists in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file in the POST Request Handler component of Totolink WA300 version 5.2cu.7112_B20190227, which can be exploited by manipulating the File argument.

A remote buffer overflow vulnerability exists in Edimax BR-6428nC devices up to version 1.16 via manipulation of the pptpDfGateway argument in the /goform/setWAN file, potentially allowing for arbitrary code execution.

A buffer overflow vulnerability exists in Edimax BR-6208AC devices (<= 1.02) via manipulation of the pptpDfGateway argument in the /goform/setWAN endpoint, potentially allowing remote attackers to execute arbitrary code.

A buffer overflow vulnerability exists in Shenzhen Libituo Technology LBT-T300-HW1 version 1.2.8 and earlier, allowing remote attackers to execute arbitrary code by manipulating the Channel/ApCliSsid argument in the start_lan function of the /apply.cgi file.

A buffer overflow vulnerability (CVE-2026-7674) exists in the Web Management Interface of Shenzhen Libituo Technology LBT-T300-HW1 devices, allowing remote attackers to execute arbitrary code by manipulating the vpn_pptp_server or vpn_l2tp_server arguments in the start_single_service function.

A buffer overflow vulnerability exists in TRENDnet TEW-821DAP version 1.12B01, allowing a remote attacker to execute arbitrary code by manipulating the 'str' argument in the auto_update_firmware function of the Firmware Update component.

A buffer overflow vulnerability exists in UTT HiPER 1200GW devices up to version 2.5.3-170306, stemming from manipulation of the `strcpy` function in the `/goform/formRemoteControl` file, which allows remote attackers to execute arbitrary code.

A buffer overflow vulnerability (CVE-2026-7503) exists in code-projects Plugin 4.1.2cu.5137, allowing a remote attacker to execute arbitrary code by manipulating the 'wepkey2' argument in the 'setWiFiMultipleConfig' function of the '/lib/cste_modules/wireless.so' library, posing a critical risk due to publicly available exploits.

A remote stack-based buffer overflow vulnerability exists in the Tenda 4G300 router, version US_4G300V1.0Mt_V1.01.42_CN_TDC01, allowing an attacker to potentially execute arbitrary code by manipulating the 'page' argument to the sub_427C3C function in the /goform/SafeMacFilter file.

A buffer overflow vulnerability in UTT HiPER 1250GW devices (versions up to 3.2.7-210907-180535) allows remote attackers to execute arbitrary code by manipulating the 'Profile' argument in the `strcpy` function of the `route/goform/ConfigAdvideo` file, due to insufficient bounds checking.

A remote buffer overflow vulnerability exists in the UTT HiPER 1250GW device due to improper handling of the 'Profile' argument in the NTP configuration, potentially allowing for arbitrary code execution.

Alloksoft Video Joiner 4.6.1217 is vulnerable to a local buffer overflow (CVE-2018-25315) allowing attackers to execute arbitrary code via a crafted license name.

Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 is vulnerable to a buffer overflow, allowing local attackers to execute arbitrary code via a crafted License Name field.

Prime95 version 29.4b8 contains a local buffer overflow vulnerability, allowing attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms through a malicious payload in the PrimeNet proxy hostname field.

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation, leading to arbitrary code execution.

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string.

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability (CVE-2018-25303) in the License Name field, allowing a local attacker to execute arbitrary code by triggering a structured exception handler (SEH) overwrite.

Allok AVI to DVD SVCD VCD Converter 4.0.1217 is vulnerable to a SEH-based buffer overflow, allowing local attackers to execute arbitrary code by providing a malicious string in the License Name field.

D-Link DIR-825M version 1.1.12 is vulnerable to a buffer overflow via manipulation of the submit-url argument in the /boafrm/formWanConfigSetup file's sub_414BA8 function, allowing a remote attacker to execute arbitrary code.

A stack-based buffer overflow vulnerability in the formUploadConfig function of Tenda HG3 v2.0's /boaform/formIPv6Routing file allows remote attackers to execute arbitrary code by manipulating the destNet argument.

A buffer overflow vulnerability in the D-Link DI-8100 router allows remote attackers to execute arbitrary code by manipulating the 'fn' argument in the tgfile_htm function of the CGI endpoint.

A remote buffer overflow vulnerability exists in Totolink N300RT 3.4.0-B20250430 via manipulation of the 'entry_name' argument in the /boafrm/formIpQoS file, potentially leading to arbitrary code execution.

A buffer overflow vulnerability in Tenda F456 version 1.0.0.5 allows remote attackers to execute arbitrary code via a crafted request to the fromWrlclientSet function in the /goform/WrlclientSet file of the httpd component.

A buffer overflow vulnerability in Tenda F456 router version 1.0.0.5 allows a remote attacker to execute arbitrary code by exploiting the fromSafeClientFilter function in the /goform/SafeClientFilter endpoint through manipulation of the 'menufacturer/Go' argument.

A buffer overflow vulnerability in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon allows remote attackers to execute arbitrary code by manipulating the nextHop argument in the formRoute function of the /boaform/formRouting file, impacting device availability and integrity.

The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.

LanSpy 2.0.1.159 is vulnerable to a local buffer overflow, allowing an attacker to overwrite the instruction pointer by providing a crafted payload to the scan field, potentially leading to code execution.

A buffer overflow vulnerability (CVE-2026-6581) in H3C Magic B1 routers allows remote attackers to execute arbitrary code by manipulating the 'param' argument in the SetMobileAPInfoById function.

A buffer overflow vulnerability (CVE-2026-6560) in H3C Magic B0 up to 100R002 allows remote attackers to execute arbitrary code by manipulating the 'param' argument in the Edit_BasicSSID function of the /goform/aspForm file.

Firebird versions before 5.0.4, 4.0.7, and 3.0.14 are vulnerable to a buffer overflow in the xdr_datum() function during slice packet deserialization, enabling unauthenticated attackers to cause a crash or potentially achieve arbitrary code execution by sending a malicious packet.

Openfind MailGates/MailAudit is vulnerable to a stack-based buffer overflow (CVE-2026-6350) allowing unauthenticated remote attackers to execute arbitrary code by controlling the program's execution flow.

A buffer overflow vulnerability in the GIF image loading component of GIMP allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file, potentially leading to denial of service or arbitrary code execution.

CVE-2026-32195 is a stack-based buffer overflow vulnerability in the Windows Kernel that allows an authorized attacker to elevate privileges locally.

CVE-2026-32221 is a heap-based buffer overflow vulnerability in the Microsoft Graphics Component, allowing a local attacker to execute arbitrary code.

CVE-2026-26176 is a heap-based buffer overflow vulnerability in the Windows Client Side Caching driver (csc.sys), which allows an authorized attacker to elevate privileges locally.

A stack-based buffer overflow vulnerability (CVE-2026-6194) exists in the Totolink A3002MU B20211125.1046 router firmware, specifically affecting the `/boafrm/formWlanSetup` component's HTTP request handler, which allows remote attackers to execute arbitrary code by manipulating the `wan-url` argument.

A stack-based buffer overflow vulnerability (CVE-2026-6168) exists in TOTOLINK A7000R devices up to version 9.1.0u.6115, allowing remote attackers to execute arbitrary code via a crafted ssid5g argument to the setWiFiEasyGuestCfg function in /cgi-bin/cstecgi.cgi.

CVE-2026-25207 is an out-of-bounds write vulnerability in Samsung Open Source Escargot that allows for buffer overflows, potentially leading to arbitrary code execution.

A remote buffer overflow vulnerability exists in the Totolink A800R router version 4.1.2cu.5137_B20200730, allowing unauthenticated attackers to potentially execute arbitrary code by overflowing the apcliSsid argument in the setAppEasyWizardConfig function within the /lib/cste_modules/app.so library.

Easy Video to iPod Converter 1.6.20 is vulnerable to a local buffer overflow in the user registration field, allowing a local attacker to overwrite the structured exception handler (SEH) by providing a crafted payload exceeding 996 bytes in the username field, potentially leading to arbitrary code execution with user privileges.

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation, leading to arbitrary code execution.

HTML5 Video Player version 1.2.5 is vulnerable to a local buffer overflow, allowing attackers to execute arbitrary code by providing an oversized key code string through the Help Register dialog.

A remote stack-based buffer overflow vulnerability exists in the fromDhcpListClient function of the /goform/DhcpListClient component (httpd) within Tenda F451 firmware version 1.0.0.7, triggered by manipulating the 'page' argument, potentially allowing for arbitrary code execution.

Tenda F451 router version 1.0.0.7 is vulnerable to a stack-based buffer overflow in the frmL7ProtForm function, enabling remote attackers to execute arbitrary code by manipulating the 'page' argument.

A stack-based buffer overflow vulnerability (CVE-2026-6121) exists in the WrlclientSet function of the /goform/WrlclientSet file in the httpd component of Tenda F451 version 1.0.0.7, allowing remote attackers to execute arbitrary code by manipulating the GO argument.

A stack buffer overflow vulnerability (CVE-2026-39853) exists in osslsigncode versions prior to 2.12 due to insufficient validation of digest length during PKCS#7 signature verification, potentially leading to arbitrary code execution.

A stack-based buffer overflow vulnerability (CVE-2026-5830) in Tenda AC15 firmware version 15.03.05.18 allows remote attackers to execute arbitrary code by manipulating password change parameters, potentially leading to complete device compromise.

A stack-based buffer overflow vulnerability exists in ASDA-Soft, potentially leading to arbitrary code execution, as identified by CVE-2026-5726 and reported by Deltaww with a CVSS v3.1 score of 7.8.

A stack-based buffer overflow vulnerability exists in the Tenda CX12L router (version 16.03.53.12) due to improper handling of the 'page' argument in the 'fromwebExcptypemanFilter' function, potentially allowing attackers with local network access to execute arbitrary code.

CVE-2026-21382 is a memory corruption vulnerability related to handling power management requests with improperly sized input/output buffers, potentially leading to code execution.

CVE-2025-47389 describes a memory corruption vulnerability stemming from a buffer copy operation failure due to an integer overflow during the attestation report generation process, potentially leading to arbitrary code execution.

A stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 allows a remote attacker to execute arbitrary code by manipulating the 'GO' argument in the formWrlExtraSet function via the /goform/WrlExtraSet endpoint.

A stack-based buffer overflow vulnerability (CVE-2026-5612) exists in Belkin F9K1015 1.00.10, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the 'formWlEncrypt' function of the '/goform/formWlEncrypt' file.

A stack-based buffer overflow vulnerability (CVE-2026-5608) exists in the formWlanSetup function of Belkin F9K1122 version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the /goform/formWlanSetup file.

A stack-based buffer overflow vulnerability (CVE-2026-5604) in Tenda CH22 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'standard' argument in the formCertLocalPrecreate function of the /goform/CertLocalPrecreate file within the Parameter Handler component.

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability allowing local attackers to execute arbitrary code by supplying a malicious payload via the Echo Port tab.

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability allowing local attackers to execute arbitrary code by providing a malicious string in the Lame_enc.dll field.

R i386 version 3.5.0 is susceptible to a local buffer overflow in the GUI Preferences dialog, allowing a local attacker to overwrite the structured exception handler (SEH) by supplying a malicious string to the 'Language for menus and messages' field, leading to arbitrary code execution.

A buffer overflow vulnerability exists in Tenda M3 1.0.0.10 via manipulation of the policyType argument in the setAdvPolicyData function, allowing remote attackers to execute arbitrary code.

A stack-based buffer overflow vulnerability (CVE-2026-5550) in Tenda AC10 firmware version 16.03.10.10_multi_TDE01 within the /bin/httpd SysToolChangePwd function allows remote attackers to execute arbitrary code.

Snes9K 0.0.9z is vulnerable to a buffer overflow in the Netplay Socket Port Number field, enabling local attackers to execute arbitrary code via a crafted payload.

V-SFT versions 6.2.10.0 and prior are susceptible to a stack-based buffer overflow vulnerability that could allow arbitrary code execution when a malicious V7 file is opened.

A buffer overflow vulnerability (CVE-2026-34875) exists in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0 during public key export for FFDH keys, potentially leading to code execution or denial of service.

A stack-based buffer overflow vulnerability (CVE-2026-5204) exists in the Tenda CH22 1.0.0.1 router, allowing remote attackers to execute arbitrary code by manipulating the webSiteId argument in the formWebTypeLibrary function.

A stack-based buffer overflow vulnerability exists in Tenda CH22 1.0.0.1 via manipulation of the `mit_linktype` argument in the `/goform/QuickIndex` endpoint, potentially enabling remote code execution.

A stack-based buffer overflow vulnerability exists in Tenda CH22 1.0.0.1/1.If allowing remote attackers to execute arbitrary code by manipulating the `funcname` argument in the `/goform/setcfm` endpoint.

A stack-based buffer overflow vulnerability (CVE-2026-5046) in Tenda FH1201 version 1.2.0.14(408) allows remote attackers to execute arbitrary code by manipulating the GO argument in the formWrlExtraSet function of the /goform/WrlExtraSet component.

A stack-based buffer overflow vulnerability (CVE-2026-5044) in Belkin F9K1122 version 1.00.33 allows remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the formSetSystemSettings function, potentially leading to complete system compromise.

A stack-based buffer overflow vulnerability (CVE-2026-5042) exists in the Belkin F9K1122 router version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the webpage argument in the formCrossBandSwitch function.

A stack-based buffer overflow vulnerability (CVE-2026-5036) exists in the fromDhcpListClient function of the Tenda 4G06 router (version 04.06.01.29), potentially allowing remote attackers to execute arbitrary code by manipulating the 'page' argument in the /goform/DhcpListClient endpoint.

A stack-based buffer overflow vulnerability in Tenda F453 1.0.0.3 allows a remote attacker to execute arbitrary code by manipulating the 'delno' argument in the fromPPTPUserSetting function of the /goform/PPTPUserSetting component's httpd process.

A stack-based buffer overflow vulnerability exists in Wavlink WL-WN579X3-C 231124's UPNP Handler component, specifically in the /cgi-bin/firewall.cgi file and the sub_4019FC function, allowing remote attackers to execute arbitrary code by manipulating the UpnpEnabled argument; public exploits are available, but the vendor has not responded to the disclosure.

Crashmail 1.6 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code via malicious input and potentially leading to denial of service.

SC v7.16 is vulnerable to a stack-based buffer overflow, allowing local attackers to execute arbitrary code by providing oversized input exceeding 1052 bytes, leading to potential arbitrary code execution.

Flat Assembler version 1.71.21 is susceptible to a stack-based buffer overflow vulnerability, allowing local attackers to achieve arbitrary code execution by providing a crafted, oversized input file.

EChat Server 3.1 is vulnerable to a buffer overflow in the chat.ghp endpoint, allowing remote attackers to execute arbitrary code by sending a crafted GET request with an oversized username parameter.

PInfo version 0.6.9-5.1 is susceptible to a local buffer overflow vulnerability, enabling local attackers to execute arbitrary code by providing an overly large argument to the '-m' parameter, ultimately allowing for shellcode execution with user privileges.

yTree version 1.94-1.1 is vulnerable to a stack-based buffer overflow, allowing local attackers to execute arbitrary code by supplying an excessively long argument to overwrite the stack with shellcode.

TiEmu 3.03 is vulnerable to a buffer overflow in ROM parameter handling, enabling local attackers to crash the application or execute arbitrary code by providing an oversized ROM parameter via the command-line interface.

Multi Emulator Super System 0.154-3.1 is vulnerable to a buffer overflow (CVE-2016-20039) allowing local attackers to achieve arbitrary code execution by supplying a malicious gamma parameter, leading to potential system compromise.

A stack-based buffer overflow vulnerability exists in xwpe version 1.5.30a-2.1 and prior, allowing a local attacker to execute arbitrary code or cause denial of service by supplying a crafted command-line argument with an overly long input string.

A stack-based buffer overflow vulnerability (CVE-2026-4975) exists in the Tenda AC15 router version 15.03.05.19, allowing remote attackers to execute arbitrary code by manipulating the 'funcpara1' argument in a POST request to /goform/setcfm.

CVE-2026-1679 describes a vulnerability in the eswifi socket offload driver where user-provided payloads are copied into a fixed buffer without proper size checking, leading to a buffer overflow and kernel memory corruption.

A buffer overflow vulnerability in Totolink LR350 version 9.3.5u.6369_B20220309 allows a remote attacker to execute arbitrary code by manipulating the 'ssid' argument in the setWiFiGuestCfg function.

A stack-based buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44 within the fromSetSysTime function of the /goform/SetSysTimeCfg component's POST Request Handler, allowing a remote attacker to potentially execute arbitrary code by manipulating the 'Time' argument.

A stack-based buffer overflow vulnerability in Tenda AC6 version 15.03.05.16 allows remote attackers to execute arbitrary code by manipulating the WANT/WANS argument in the /goform/WizardHandle POST request handler.

A stack-based buffer overflow vulnerability exists in Tenda AC5 version 15.03.06.47, allowing remote attackers to execute arbitrary code by manipulating the `PPPOEPassword` argument in the `formQuickIndex` function of the `/goform/QuickIndex` component.

A stack-based buffer overflow vulnerability exists in EVerest EV charging software stack versions prior to 2026.02.0. Passing an interface name longer than 16 characters to CAN open routines overflows `ifreq.ifr_name`, potentially leading to code execution.

A stack-based buffer overflow vulnerability (CVE-2026-4905) exists in Tenda AC5 firmware version 15.03.06.47 allowing remote attackers to execute arbitrary code by manipulating the 'index' argument in a POST request to the /goform/WifiWpsOOB endpoint.

A stack-based buffer overflow vulnerability exists in EVerest's IsoMux certificate filename handling before version 2026.02.0, potentially allowing code execution via a crafted filename.

EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.

Tabs Mail Carrier 2.5.1 is vulnerable to a buffer overflow in the MAIL FROM SMTP command, allowing remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer to overwrite the EIP register and execute a bind shell payload via port 25.

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability (CVE-2019-25637) allowing local attackers to execute arbitrary code by overwriting the EIP register.

Base64 Decoder 1.1.2 is vulnerable to a stack-based buffer overflow (CVE-2019-25634) allowing local attackers to achieve arbitrary code execution via a crafted input file that triggers an SEH overwrite.

AIDA64 Business 5.99.4900 is vulnerable to a local Structured Exception Handling (SEH) buffer overflow (CVE-2019-25631) allowing attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode.

FlexHEX 2.71 is vulnerable to a local buffer overflow in the Stream Name field, allowing local attackers to execute arbitrary code via a structured exception handler (SEH) overflow.

Download Accelerator Plus DAP 10.0.6.0 is vulnerable to a structured exception handler buffer overflow, allowing remote attackers to execute arbitrary code via malicious crafted URLs by overwriting SEH pointers and executing embedded shellcode.

AIDA64 Extreme 5.99.4900 is vulnerable to a structured exception handler buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious CSV log file path through the Hardware Monitoring logging preferences.

JetAudio jetCast Server 2.0 is vulnerable to a stack-based buffer overflow in the Log Directory configuration, enabling local attackers to overwrite structured exception handling pointers and execute arbitrary code.

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in joncampbell123's doslib before version doslib-20250729, potentially leading to arbitrary code execution.

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms before PR#96 could lead to arbitrary code execution.

Lavavo CD Ripper 4.20 is vulnerable to a structured exception handling (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field leading to arbitrary code execution and a bind shell.

FTP Shell Server 6.83 contains a buffer overflow vulnerability (CVE-2019-25619) in the 'Account name to ban' field, enabling a local attacker to execute arbitrary code by injecting shellcode through a crafted string in the Manage FTP Accounts dialog.

Admin Express 1.2.5.485 is susceptible to a local structured exception handling buffer overflow vulnerability, enabling local attackers to execute arbitrary code via a crafted payload in the Folder Path field of the System Compare feature.

TuneClone 2.20 is vulnerable to a structured exception handler (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious license code string via the application's license registration feature.

A stack-based buffer overflow vulnerability exists in Tenda F453 version 1.0.0.3 in the fromNatlimit function of the /goform/Natlimit Parameters Handler component, triggered remotely by manipulating the 'page' argument, allowing for potential arbitrary code execution.

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function allowing local attackers to execute arbitrary code by supplying oversized configuration values in the miniftpd.conf file.

DVDXPlayer Pro 5.5 is vulnerable to a local buffer overflow, allowing local attackers to execute arbitrary code by crafting malicious playlist files.

Axessh 4.2 is vulnerable to a stack-based buffer overflow in the log file name field, allowing local attackers to execute arbitrary code by supplying an excessively long filename.

A stack-based buffer overflow vulnerability exists in Belkin F9K1122 version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the 'formWISP5G' function.

CVE-2025-49010 is a critical stack buffer overflow vulnerability within the GET RESPONSE function of OpenSC, potentially leading to arbitrary code execution.

CVE-2026-41676 is a buffer overflow vulnerability in rust-openssl's Deriver::derive and PkeyCtxRef::derive functions when used with OpenSSL 1.1.1, potentially leading to denial of service or arbitrary code execution.

The rust-openssl crate is vulnerable to a stack-based buffer overflow (CVE-2026-41681) where the `EVP_DigestFinal()` function writes beyond the allocated buffer, potentially corrupting the stack, affecting versions >= 0.10.39 and < 0.10.78.

The rust-openssl crate's `Deriver::derive` and `PkeyCtxRef::derive` functions can cause heap/stack overflows when used with OpenSSL 1.1.x due to insufficient buffer length validation in X25519, X448, DH, and HKDF-extract, affecting rust-openssl versions >= 0.9.27 and < 0.10.78.

D-Link DI-8100 version 16.07.26A1 is vulnerable to a remote buffer overflow in the `sprintf` function within the `/auto_reboot.asp` file's HTTP handler component due to improper handling of the `enable/time` argument, potentially leading to arbitrary code execution.

A stack-based buffer overflow vulnerability exists in the Tenda FH1202 router, specifically in the WrlExtraSet function, allowing remote attackers to execute arbitrary code by manipulating the 'Go' argument in a request to /goform/WrlExtraSet.

A remote buffer overflow vulnerability exists in Tenda F456 version 1.0.0.5 via manipulation of the 'page' argument in the fromDhcpListClient function of the /goform/DhcpListClient component, potentially leading to arbitrary code execution.

A stack buffer overflow vulnerability in Linksys E1200 firmware version 2.0.04 and earlier allows an authenticated attacker to achieve remote code execution by sending a crafted HTTP POST request to the apply.cgi endpoint.

A buffer overflow vulnerability (CVE-2026-7069) exists in the AddPortMapping function of the miniupnpd component within D-Link DIR-825 routers (up to version 3.00b32), potentially enabling attackers on the local network to execute arbitrary code.