LIVE · cybersecurity feed

memory-safety

zeroday.news · 106d ago·medium

CVE-2026-29772: Astro is a web framework.

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse() allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves ~15x memory amplification (wire bytes to heap bytes), allowing a single unauthenticated request to exhaust the process heap and crash the server. The /_server-islands/[name] route is registered on all Astro SSR apps regardless of whether any component uses server:defer, and the body is parsed before the island name is validated, so any Astro SSR app with the Node standalone adapter is affected.

CVE-2026-32853vulnerability
zeroday.news · 106d ago·high

CVE-2026-32853: LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability i

LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.

CVE-2026-4775vulnerability
zeroday.news · 106d ago·high

CVE-2026-4775: A flaw was found in the libtiff library.

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

CVE-2026-33554vulnerability
zeroday.news · 106d ago·high

CVE-2026-33554: ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages.

ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific info

CVE-2026-27654vulnerability
zeroday.news · 106d ago·high

CVE-2026-27654: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attack

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which

CVE-2019-25646vulnerability
zeroday.news · 106d ago·critical

CVE-2019-25646: Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.

CVE-2019-25644vulnerability
zeroday.news · 106d ago·medium

CVE-2019-25644: WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog t

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.

CVE-2019-25637vulnerability
zeroday.news · 106d ago·high

CVE-2019-25637: X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.

CVE-2019-25634vulnerability
zeroday.news · 106d ago·high

CVE-2019-25634: Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute a

Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.

CVE-2019-25633vulnerability
zeroday.news · 106d ago·high

CVE-2019-25633: AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges.

CVE-2019-25631vulnerability
zeroday.news · 106d ago·high

CVE-2019-25631: AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.

CVE-2019-25629vulnerability
zeroday.news · 106d ago·high

CVE-2019-25629: AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging func

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path.

CVE-2019-25628vulnerability
zeroday.news · 106d ago·critical

CVE-2019-25628: Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.

CVE-2019-25627vulnerability
zeroday.news · 106d ago·high

CVE-2019-25627: FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers t

FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.

CVE-2019-25626vulnerability
zeroday.news · 106d ago·high

CVE-2019-25626: River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that all

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.

CVE-2026-4756vulnerability
zeroday.news · 106d ago·high

CVE-2026-4756: Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: be

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

CVE-2026-4753vulnerability
zeroday.news · 106d ago·critical

CVE-2026-4753: Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.

Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.

CVE-2026-4750vulnerability
zeroday.news · 106d ago·critical

CVE-2026-4750: Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.

Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.

CVE-2026-33854vulnerability
zeroday.news · 106d ago·high

CVE-2026-33854: Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: b

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.

CVE-2026-33850vulnerability
zeroday.news · 106d ago·high

CVE-2026-33850: Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.

Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.

CVE-2026-4746vulnerability
zeroday.news · 106d ago

CVE-2026-4746: Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules).

Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16.

CVE-2026-4744vulnerability
zeroday.news · 106d ago

CVE-2026-4744: Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules).

Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1.

CVE-2026-4735vulnerability
zeroday.news · 106d ago

CVE-2026-4735: Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun

Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1.

CVE-2026-4732vulnerability
zeroday.news · 106d ago

CVE-2026-4732: Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules).

Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.

CVE-2026-33307vulnerability
zeroday.news · 106d ago·high

CVE-2026-33307: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size `gnutls_x509_crt_t x509[]` array without checking the number of certificates is less than or equal to the array size. `gnutls_x509_crt_t` is a `typedef` for a pointer to an opaque GnuTLS structure created using with `gnutls_x509_crt_init()` before importing certificate data into it, so no attacker-controlled data was written into the stack buffer, but writing a pointer after the last array element generally triggered a segfault, and could theoretically cause stack corruption otherwise

CVE-2026-4675vulnerability
zeroday.news · 106d ago·high

CVE-2026-4675: Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVE-2026-4673vulnerability
zeroday.news · 106d ago·high

CVE-2026-4673: Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an o

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVE-2026-33298vulnerability
zeroday.news · 106d ago·high

CVE-2026-33298: llama.cpp is an inference of several LLM models in C/C++.

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.

CVE-2026-33250vulnerability
zeroday.news · 106d ago·high

CVE-2026-33250: Freeciv21 is a free open source, turn-based, empire-building strategy game.

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected.

CVE-2026-29111vulnerability
zeroday.news · 106d ago·medium

CVE-2026-29111: systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC AP

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

CVE-2026-1940vulnerability
zeroday.news · 106d ago·medium

CVE-2026-1940: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function.

An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.

CVE-2026-26209vulnerability
zeroday.news · 107d ago·high

CVE-2026-26209: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format.

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the pure Python implementation and the C extension `_cbor2`. The C extension relies on Python's internal recursion limits `Py_EnterRecursiveCall` rather than a data-driven depth limit, meaning it still raises `RecursionError` and crashes the worker process when the limit is hit. While the library handles moderate nesting levels, it lacks a hard depth limit. An attacker can supply a crafted CBOR payloa

CVE-2026-30006vulnerability
zeroday.news · 107d ago·medium

CVE-2026-30006: XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.

XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.

CVE-2026-32845vulnerability
zeroday.news · 107d ago·high

CVE-2026-32845: cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when valid

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.

CVE-2026-4567vulnerability
zeroday.news · 107d ago·critical

CVE-2026-4567: A vulnerability has been found in Tenda A15 15.13.07.13.

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-4566vulnerability
zeroday.news · 107d ago·high

CVE-2026-4566: A flaw has been found in Belkin F9K1122 1.00.33.

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4565vulnerability
zeroday.news · 107d ago·high

CVE-2026-4565: A vulnerability was detected in Tenda AC21 16.03.08.16.

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVE-2026-4555vulnerability
zeroday.news · 108d ago·high

CVE-2026-4555: A weakness has been identified in D-Link DIR-513 1.10.

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2026-4553vulnerability
zeroday.news · 108d ago·high

CVE-2026-4553: A vulnerability was identified in Tenda F453 1.0.0.3.

A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2026-4552vulnerability
zeroday.news · 108d ago·high

CVE-2026-4552: A vulnerability was determined in Tenda F453 1.0.0.3.

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

CVE-2026-4551vulnerability
zeroday.news · 108d ago·high

CVE-2026-4551: A vulnerability was found in Tenda F453 1.0.0.3.

A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVE-2019-25619vulnerability
zeroday.news · 108d ago·high

CVE-2019-25619: FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows loca

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.

CVE-2019-25616vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25616: AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the applica

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.

CVE-2019-25615vulnerability
zeroday.news · 108d ago·high

CVE-2019-25615: Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows loc

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.

CVE-2019-25614vulnerability
zeroday.news · 108d ago·critical

CVE-2019-25614: Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attacke

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.

CVE-2019-25612vulnerability
zeroday.news · 108d ago·high

CVE-2019-25612: Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows l

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.

CVE-2019-25611vulnerability
zeroday.news · 108d ago·high

CVE-2019-25611: MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attacker

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.

CVE-2019-25609vulnerability
zeroday.news · 108d ago·high

CVE-2019-25609: JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuratio

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.

CVE-2019-25607vulnerability
zeroday.news · 108d ago·high

CVE-2019-25607: Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attac

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

CVE-2019-25606vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25606: Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the ap

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.

CVE-2019-25604vulnerability
zeroday.news · 108d ago·high

CVE-2019-25604: DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows l

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.

CVE-2019-25603vulnerability
zeroday.news · 108d ago·high

CVE-2019-25603: TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attac

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.

CVE-2019-25601vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25601: UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that a

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.

CVE-2019-25600vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25600: UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.

CVE-2019-25598vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25598: HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.

CVE-2019-25597vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25597: NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local a

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.

CVE-2019-25591vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25591: DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input fie

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code containing 300 repeated characters into the Name/Key field via the Register menu option.

CVE-2026-4535vulnerability
zeroday.news · 108d ago·high

CVE-2026-4535: A vulnerability has been found in Tenda FH451 1.0.0.9.

A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-4534vulnerability
zeroday.news · 108d ago·high

CVE-2026-4534: A flaw has been found in Tenda FH451 1.0.0.9.

A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

CVE-2019-25589vulnerability
zeroday.news · 108d ago·medium

CVE-2019-25589: ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows lo

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.