VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 3 of 40
  • CVE-2026-10187CriMay 31, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer…

  • CVE-2026-8363CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:

  • CVE-2026-8362CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome

  • CVE-2026-32661CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.00

    Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to…

  • CVE-2026-41089CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.72

    Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

  • CVE-2026-7834CriMay 5, 2026
    risk 0.64cvss 9.8epss 0.01

    A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…

  • CVE-2026-37539CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.

  • CVE-2026-42482CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.00

    A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password…

  • CVE-2026-7546CriMay 1, 2026
    risk 0.64cvss 9.8epss 0.01

    A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely.…

  • CVE-2026-33447CriApr 30, 2026
    risk 0.64cvss 9.8epss 0.00

    CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial…

  • CVE-2026-1951CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

  • CVE-2026-1950CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

  • CVE-2026-6643CriApr 20, 2026
    risk 0.64cvss 9.9epss 0.00

    A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker…

  • CVE-2026-6350CriApr 16, 2026
    risk 0.64cvss 9.8epss 0.01

    MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

  • CVE-2026-4567CriMar 23, 2026
    risk 0.64cvss 9.8epss 0.04

    A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-15608CriMar 20, 2026
    risk 0.64cvss 9.8epss 0.01

    This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote…

  • CVE-2026-4181CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.01

    A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack…

  • CVE-2026-25823CriMar 13, 2026
    risk 0.64cvss 9.8epss 0.01

    HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.

  • CVE-2019-25365CriFeb 18, 2026
    risk 0.64cvss 9.8epss 0.00

    ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to…

  • CVE-2019-25361CriFeb 18, 2026
    risk 0.64cvss 9.8epss 0.01

    Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell…