Total
2763 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-33449 | 1 Absolute | 1 Secure Access | 2026-06-17 | N/A | 7.5 HIGH |
| CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | |||||
| CVE-2026-33447 | 1 Absolute | 1 Secure Access | 2026-06-17 | N/A | 9.8 CRITICAL |
| CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. | |||||
| CVE-2026-33307 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2026-06-17 | N/A | 7.5 HIGH |
| Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less than or equal to the array size. `gnutls_x509_crt_t` is a `typedef` for a pointer to an opaque GnuTLS structure created using with `gnutls_x509_crt_init()` before importing certificate data into it, so no attacker-controlled data was written into the stack buffer, but writing a pointer after the last array element generally triggered a segfault, and could theoretically cause stack corruption otherwise (not observed in practice). Server configurations that do not use client certificates (`GnuTLSClientVerify ignore`, the default) are not affected. The problem has been fixed in version 0.12.3 by checking the length of the provided certificate chain and rejecting it if it exceeds the buffer length, and in version 0.13.0 by rewriting certificate verification to use `gnutls_certificate_verify_peers()`, removing the need for the buffer entirely. There is no workaround. Version 0.12.3 provides the minimal fix for users of 0.12.x who do not wish to upgrade to 0.13.0 yet. | |||||
| CVE-2026-33250 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected. | |||||
| CVE-2026-33147 | 1 Generic-mapping-tools | 1 Gmt | 2026-06-17 | N/A | 7.3 HIGH |
| GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49. | |||||
| CVE-2026-32955 | 1 Silextechnology | 3 Amc Manager, Sd-330ac, Sd-330ac Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | |||||
| CVE-2026-32928 | 1 Fujielectric | 1 V-sft | 2026-06-17 | N/A | 7.8 HIGH |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | |||||
| CVE-2026-32925 | 1 Fujielectric | 1 V-sft | 2026-06-17 | N/A | 7.8 HIGH |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | |||||
| CVE-2026-32743 | 1 Dronecode | 1 Px4 Drone Autopilot | 2026-06-17 | N/A | 6.5 MEDIUM |
| PX4 is an open-source autopilot stack for drones and unmanned vehicles. Versions 1.17.0-rc2 and below are vulnerable to Stack-based Buffer Overflow through the MavlinkLogHandler, and are triggered via MAVLink log request. The LogEntry.filepath buffer is 60 bytes, but the sscanf function parses paths from the log list file with no width specifier, allowing a path longer than 60 characters to overflow the buffer. An attacker with MAVLink link access can trigger this by first creating deeply nested directories via MAVLink FTP, then requesting the log list. The flight controller MAVLink task crashes, losing telemetry and command capability and causing DoS. This issue has been fixed in this commit: https://github.com/PX4/PX4-Autopilot/commit/616b25a280e229c24d5cf12a03dbf248df89c474. | |||||
| CVE-2026-32708 | 1 Dronecode | 1 Px4 Drone Autopilot | 2026-06-17 | N/A | 7.8 HIGH |
| PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2. | |||||
| CVE-2026-32707 | 1 Dronecode | 1 Px4 Drone Autopilot | 2026-06-17 | N/A | 5.2 MEDIUM |
| PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_can is enabled and running, a CAN-injection-capable attacker can trigger a crash (DoS) and memory corruption. This vulnerability is fixed in 1.17.0-rc2. | |||||
| CVE-2026-32705 | 1 Dronecode | 1 Px4 Drone Autopilot | 2026-06-17 | N/A | 6.8 MEDIUM |
| PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution). This vulnerability is fixed in 1.17.0-rc2. | |||||
| CVE-2026-32661 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege. | |||||
| CVE-2026-32259 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 6.7 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | |||||
| CVE-2026-32203 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, .net and 3 more | 2026-06-17 | N/A | 7.5 HIGH |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-32195 | 1 Microsoft | 1 Windows 11 26h1 | 2026-06-17 | N/A | 7.0 HIGH |
| Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-31971 | 1 Htslib | 1 Htslib | 2026-06-17 | N/A | 8.1 HIGH |
| HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN` method, the `cram_byte_array_len_decode()` failed to validate that the amount of data being unpacked matched the size of the output buffer where it was to be stored. Depending on the data series being read, this could result either in a heap or a stack overflow with attacker-controlled bytes. Depending on the data stream this could result either in a heap buffer overflow or a stack overflow. If a user opens a file crafted to exploit this issue it could lead to the program crashing, overwriting of data structures on the heap or stack in ways not expected by the program, or changing the control flow of the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue. | |||||
| CVE-2026-31968 | 1 Htslib | 1 Htslib | 2026-06-17 | N/A | 8.1 HIGH |
| HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete validation of the context in which the encodings were used could result in up to eight bytes being written beyond the end of a heap allocation, or up to eight bytes being written to the location of a one byte variable on the stack, possibly causing the values to adjacent variables to change unexpectedly. Depending on the data stream this could result either in a heap buffer overflow or a stack overflow. If a user opens a file crafted to exploit this issue it could lead to the program crashing, overwriting of data structures on the heap or stack in ways not expected by the program, or changing the control flow of the program. It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue. | |||||
| CVE-2026-31795 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-30987 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | |||||