Total
2304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37133 | 1 Uvnc | 1 Ultravnc | 2026-02-09 | N/A | 7.5 HIGH |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash. | |||||
| CVE-2020-37132 | 1 Uvnc | 1 Ultravnc | 2026-02-09 | N/A | 6.2 MEDIUM |
| UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality. | |||||
| CVE-2020-37119 | 1 Nsasoft | 1 Nsauditor | 2026-02-09 | N/A | 9.8 CRITICAL |
| Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit. | |||||
| CVE-2020-37159 | 2026-02-09 | N/A | 9.8 CRITICAL | ||
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. | |||||
| CVE-2020-37095 | 2026-02-09 | N/A | 9.8 CRITICAL | ||
| Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access. | |||||
| CVE-2026-2069 | 2026-02-09 | 1.7 LOW | 3.3 LOW | ||
| A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2020-37122 | 2026-02-09 | N/A | 7.5 HIGH | ||
| SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash. | |||||
| CVE-2026-22903 | 2026-02-09 | N/A | 9.8 CRITICAL | ||
| An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections. | |||||
| CVE-2026-22904 | 2026-02-09 | N/A | 9.8 CRITICAL | ||
| Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution. | |||||
| CVE-2025-68670 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2026-02-06 | N/A | 9.1 CRITICAL |
| xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems. | |||||
| CVE-2026-24882 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-02-06 | N/A | 8.4 HIGH |
| In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. | |||||
| CVE-2026-0660 | 1 Autodesk | 1 3ds Max | 2026-02-06 | N/A | 7.8 HIGH |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2020-37121 | 2026-02-05 | N/A | 5.5 MEDIUM | ||
| CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution. | |||||
| CVE-2020-37120 | 2026-02-05 | N/A | 9.8 CRITICAL | ||
| Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution. | |||||
| CVE-2020-37136 | 2026-02-05 | N/A | 7.5 HIGH | ||
| ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files. | |||||
| CVE-2020-37124 | 2026-02-05 | N/A | 9.8 CRITICAL | ||
| B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process. | |||||
| CVE-2020-37126 | 2026-02-05 | N/A | 9.8 CRITICAL | ||
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. | |||||
| CVE-2020-37138 | 2026-02-05 | N/A | 9.8 CRITICAL | ||
| 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain. | |||||
| CVE-2020-37127 | 2026-02-05 | N/A | 5.5 MEDIUM | ||
| Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters. | |||||
| CVE-2020-37142 | 2026-02-05 | N/A | 8.4 HIGH | ||
| 10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigger remote code execution. | |||||