Total
2512 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3697 | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-3137 | 1 Codeastro | 1 Food Ordering System | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-5684 | 2026-04-29 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15013 | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2020-36855 | 1 Offis | 1 Dcmtk | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component. | |||||
| CVE-2026-2016 | 1 Happyfish100 | 1 Libfastcommon | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue. | |||||
| CVE-2025-15008 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-8845 | 1 Nasm | 1 Netwide Assembler | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5037 | 2026-04-29 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue. | |||||
| CVE-2026-5683 | 2026-04-29 | 5.2 MEDIUM | 5.5 MEDIUM | ||
| A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the local network. The exploit has been made public and could be used. | |||||
| CVE-2025-9175 | 1 Neurobin | 1 Shc | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||
| CVE-2025-3196 | 1 Assimp | 1 Assimp | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2025-11012 | 1 Behaviortree | 1 Behaviortree | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue. | |||||
| CVE-2026-2930 | 1 Tenda | 2 A18, A18 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-5555 | 2026-04-29 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early. | |||||
| CVE-2026-3972 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-29 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used. | |||||
| CVE-2026-2657 | 1 Wren | 1 Wren | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-8962 | 1 Fabian | 1 Hostel Management System | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8846 | 1 Nasm | 1 Netwide Assembler | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4185 | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue. | |||||