Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (3838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7704 1 Supermicro 1 Bmc 2026-04-15 5.4 Medium
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
CVE-2020-37159 1 Parallaxis 1 Cuckoo Clock 2026-04-15 9.8 Critical
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
CVE-2024-51979 2026-04-15 7.2 High
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.
CVE-2020-37142 1 10-strike 1 Network Inventory Explorer 2026-04-15 8.4 High
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigger remote code execution.
CVE-2025-29951 1 Amd 4 Ryzen 5000 Series Mobile Processors With Radeon Graphics, Ryzen Embedded R1000 Series Processors, Ryzen Embedded R2000 Series Processors and 1 more 2026-04-15 N/A
A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
CVE-2024-53849 1 Editorconfig 1 Editorconfig 2026-04-15 N/A
editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-15013 1 Floooh 1 Sokol 2026-04-15 5.3 Medium
A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue.
CVE-2025-66635 1 Seiko Epson Corporation 1 Web Config 2026-04-15 N/A
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
CVE-2009-20007 1 Talkative 1 Irc 2026-04-15 N/A
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
CVE-2025-34457 1 Wb2osz 1 Dire Wolf 2026-04-15 7.5 High
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.
CVE-2024-43661 2026-04-15 9.8 Critical
The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI script. This binary or script will write this file path to <redacted>, which is then read by <redacted>.so This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – An attacker will have to find this exploit by either obtaining the binaries involved in this vulnerability, or by trial and error. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe CGI binary or <redacted>.sh script to trigger the vulnerability, or convince a user with such access send an HTTP request that triggers it. Impact: High – The <redacted> process, which we assume is responsible for OCPP communication, will keep crashing after performing the exploit. This happens because the buffer overflow causes the process to segfault before <redacted> is removed. This means that, even though <redacted> is automatically restarted, it will crash again as soon as it tries to parse the text file. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I).
CVE-2019-25357 1 Webgate 2 Control Center, Control Center Pro 2026-04-15 8.4 High
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
CVE-2024-3079 1 Asus 7 Rt-ac68u Firmware, Rt-ac86u Firmware, Rt-ax57 Firmware and 4 more 2026-04-15 7.2 High
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.
CVE-2023-52162 1 Mercusys 1 Mw325r Eu V3 2026-04-15 6.7 Medium
Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication.
CVE-2020-37177 1 Weird Solutions 1 Bootpturbo 2026-04-15 7.5 High
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.
CVE-2019-25319 1 Internet-soft 1 Domain Quester Pro 2026-04-15 9.8 Critical
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
CVE-2019-25332 1 Internet-soft 1 Ftp Commander Pro 2026-04-15 8.4 High
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
CVE-2024-45415 1 Zte 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more 2026-04-15 9.8 Critical
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
CVE-2010-10015 1 Aol 2 Aim, Aol 2026-04-15 N/A
AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.
CVE-2023-48906 2026-04-15 4.3 Medium
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.