Search Results (3818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-15013 1 Floooh 1 Sokol 2026-04-15 5.3 Medium
A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is b95c5245ba357967220c9a860c7578a7487937b0. It is best practice to apply a patch to resolve this issue.
CVE-2025-3916 2026-04-15 N/A
CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker.
CVE-2025-23284 1 Nvidia 1 Gpu Display Driver 2026-04-15 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.
CVE-2020-37181 1 Torrentrockyou 1 Torrent Flv Converter 2026-04-15 9.8 Critical
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
CVE-2025-6565 1 Netgear 1 Wnce3001 2026-04-15 8.8 High
A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2009-20004 2 Galan, Microsoft 2 Galan, Windows 2026-04-15 N/A
gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.
CVE-2025-29951 1 Amd 4 Ryzen 5000 Series Mobile Processors With Radeon Graphics, Ryzen Embedded R1000 Series Processors, Ryzen Embedded R2000 Series Processors and 1 more 2026-04-15 N/A
A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
CVE-2013-10036 1 Beetel 1 Connection Manager 2026-04-15 N/A
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
CVE-2025-34457 1 Wb2osz 1 Dire Wolf 2026-04-15 7.5 High
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.
CVE-2025-3588 2026-04-15 5.3 Medium
A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-5403 1 Honeywell 1 Experion Server 2026-04-15 8.1 High
Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2024-34579 2026-04-15 7.8 High
Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
CVE-2020-37183 1 Allok Soft 1 Allok Rm Rmvb To Avi Mpeg Dvd Converter 2026-04-15 9.8 Critical
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
CVE-2020-36965 1 Verypdf 1 Docprint Pro 2026-04-15 8.4 High
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access.
CVE-2020-36961 1 10-strike 1 Network Inventory Explorer 2026-04-15 9.8 Critical
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
CVE-2009-20007 1 Talkative 1 Irc 2026-04-15 N/A
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
CVE-2024-38309 1 Fujielectric 3 Tellus, Tellus Lite, V-sft 2026-04-15 7.8 High
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
CVE-2025-24922 2026-04-15 8.8 High
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
CVE-2025-6072 1 Abb 2 Rmc-100, Rmc-100-lite 2026-04-15 7.5 High
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016.
CVE-2011-10024 2026-04-15 N/A
MJM Core Player (likely now referred to as MJM Player) 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute arbitrary code. Exploitation is triggered when a user opens a malicious .s3m file, and the exploit bypasses DEP and ASLR protections using a ROP chain.