Total
3267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36961 | 1 10-strike | 1 Network Inventory Explorer | 2026-03-05 | 9.8 Critical |
| 10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution. | ||||
| CVE-2019-25435 | 1 Sricam | 1 Deviceviewer | 2026-03-05 | 7.8 High |
| Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets. | ||||
| CVE-2019-25360 | 2 Aida64, Finalwire Ltd. | 2 Aida64, Aida64 | 2026-03-05 | 9.8 Critical |
| Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH (Structured Exception Handler) overwrite techniques to achieve remote code execution. | ||||
| CVE-2019-25357 | 1 Webgate | 2 Control Center, Control Center Pro | 2026-03-05 | 8.4 High |
| Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems. | ||||
| CVE-2019-25340 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 7.5 High |
| SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field. | ||||
| CVE-2019-25336 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 8.4 High |
| SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system. | ||||
| CVE-2019-25334 | 1 Nsauditor | 1 Product Key Explorer | 2026-03-05 | 6.2 Medium |
| Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash. | ||||
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-03-05 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||
| CVE-2019-25318 | 1 Avs4you | 1 Avs Audio Converter | 2026-03-05 | 8.8 High |
| AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked. | ||||
| CVE-2019-25434 | 1 Nsasoft | 2 Nsauditor Spotauditor, Spotauditor | 2026-03-05 | 7.5 High |
| SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application. | ||||
| CVE-2026-3439 | 2026-03-04 | 4.9 Medium | ||
| A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | ||||
| CVE-2025-69765 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-03-04 | 7.5 High |
| Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. | ||||
| CVE-2025-70252 | 1 Tenda | 1 Ac6 | 2026-03-03 | 7.5 High |
| An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability. | ||||
| CVE-2026-3400 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-03-03 | 8.8 High |
| A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2019-25321 | 2 Internet-soft, Softpedia | 2 Ftp Navigator, Ftp Navigator | 2026-03-03 | 9.8 Critical |
| FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept. | ||||
| CVE-2019-25329 | 1 Internet-soft | 1 Ftp Navigator | 2026-03-03 | 7.5 High |
| FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input. | ||||
| CVE-2026-28422 | 1 Vim | 1 Vim | 2026-03-02 | 2.2 Low |
| Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue. | ||||
| CVE-2025-9820 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-03-02 | 4 Medium |
| A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks. | ||||
| CVE-2026-2930 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-27 | 6.3 Medium |
| A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-2929 | 2 D-link, Dlink | 3 Dwr-m960, Dwr-m960, Dwr-m960 Firmware | 2026-02-27 | 8.8 High |
| A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||