Total
2529 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37126 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code. | |||||
| CVE-2024-28038 | 2026-04-15 | N/A | 9.0 CRITICAL | ||
| The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |||||
| CVE-2012-10058 | 2026-04-15 | N/A | N/A | ||
| RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process. | |||||
| CVE-2023-45924 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2021-4464 | 2026-04-15 | N/A | N/A | ||
| FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. | |||||
| CVE-2010-20042 | 2026-04-15 | N/A | N/A | ||
| Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code. | |||||
| CVE-2024-45162 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field. | |||||
| CVE-2020-37138 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain. | |||||
| CVE-2020-37184 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field. | |||||
| CVE-2024-41882 | 2026-04-15 | N/A | N/A | ||
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | |||||
| CVE-2025-8076 | 2026-04-15 | N/A | 7.2 HIGH | ||
| There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability. | |||||
| CVE-2009-20003 | 2026-04-15 | N/A | N/A | ||
| Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file. | |||||
| CVE-2025-3588 | 2026-04-15 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-37159 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. | |||||
| CVE-2020-37127 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters. | |||||
| CVE-2024-23933 | 2026-04-15 | N/A | 6.8 MEDIUM | ||
| Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 | |||||
| CVE-2020-37121 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution. | |||||
| CVE-2025-3711 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | |||||
| CVE-2025-67432 | 2026-04-15 | N/A | 7.5 HIGH | ||
| A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-41170 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | |||||