Total
2539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5525 | 2026-04-13 | N/A | 6.0 MEDIUM | ||
| A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checking, resulting in a stack buffer overflow and application crash (STATUS_STACK_BUFFER_OVERRUN). | |||||
| CVE-2026-35553 | 2026-04-13 | N/A | 6.7 MEDIUM | ||
| Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values. | |||||
| CVE-2026-5726 | 1 Deltaww | 1 Asda Soft | 2026-04-13 | N/A | 7.8 HIGH |
| ASDA-Soft Stack-based Buffer Overflow Vulnerability | |||||
| CVE-2025-50671 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-10 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri. | |||||
| CVE-2025-47391 | 1 Qualcomm | 202 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 199 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory corruption while processing a frame request from user. | |||||
| CVE-2026-32928 | 1 Fujielectric | 1 V-sft | 2026-04-07 | N/A | 7.8 HIGH |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | |||||
| CVE-2026-32925 | 1 Fujielectric | 1 V-sft | 2026-04-07 | N/A | 7.8 HIGH |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | |||||
| CVE-2025-54328 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2026-04-07 | N/A | 10.0 CRITICAL |
| An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages. | |||||
| CVE-2026-5350 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-07 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-15555 | 1 Open5gs | 1 Open5gs | 2026-04-07 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue. | |||||
| CVE-2026-5349 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-34122 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability. | |||||
| CVE-2026-25833 | 1 Arm | 1 Mbed Tls | 2026-04-06 | N/A | 7.5 HIGH |
| Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | |||||
| CVE-2026-4181 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2026-04-06 | 10.0 HIGH | 9.8 CRITICAL |
| A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-26595 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2026-04-06 | N/A | 7.8 HIGH |
| A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. | |||||
| CVE-2026-4486 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-4555 | 1 Dlink | 2 Dir-513, Dir-513 Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-4534 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4535 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8065 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-04-03 | N/A | 6.5 MEDIUM |
| A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device. | |||||