CWE-121
Stack-based Buffer Overflow
Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Hierarchy (View 1000)
CVEs mapped to this weakness (790)
page 27 of 40| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30364 | Hig | 0.49 | 7.5 | 0.00 | Apr 15, 2026 | CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. | ||
| CVE-2026-4156 | Hig | 0.49 | 7.5 | 0.00 | Apr 11, 2026 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to… | ||
| CVE-2025-50671 | Hig | 0.49 | 7.5 | 0.00 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en,… | ||
| CVE-2025-50664 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr. | ||
| CVE-2025-50663 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | ||
| CVE-2025-50662 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint. | ||
| CVE-2025-50661 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri,… | ||
| CVE-2025-50660 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||
| CVE-2025-50659 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | ||
| CVE-2025-50657 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | ||
| CVE-2025-50655 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2026 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||
| CVE-2026-33554 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2026 | ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to… | ||
| CVE-2019-25341 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash. | ||
| CVE-2019-25339 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices. | ||
| CVE-2019-25330 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific… | ||
| CVE-2019-25328 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application… | ||
| CVE-2025-67432 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2020-37198 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger… | ||
| CVE-2020-37182 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation… | ||
| CVE-2020-37177 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash… |
- risk 0.49cvss 7.5epss 0.00
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
- risk 0.49cvss 7.5epss 0.00
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to…
- risk 0.49cvss 7.5epss 0.00
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en,…
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri,…
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
- risk 0.49cvss 7.5epss 0.01
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
- risk 0.49cvss 7.5epss 0.00
ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to…
- risk 0.49cvss 7.5epss 0.00
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
- risk 0.49cvss 7.5epss 0.00
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
- risk 0.49cvss 7.5epss 0.00
SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific…
- risk 0.49cvss 7.5epss 0.00
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application…
- risk 0.49cvss 7.5epss 0.00
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- risk 0.49cvss 7.5epss 0.00
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger…
- risk 0.49cvss 7.5epss 0.00
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation…
- risk 0.49cvss 7.5epss 0.00
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash…