Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40489

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-18 Apr, 2026 | 01:24
Updated At-20 Apr, 2026 | 16:15
Rejected At-
Credits

editorconfig-core-c has incomplete fix for CVE-2023-0341

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directory structure and .editorconfig file. This is an incomplete fix for CVE-2023-0341. The pcre_str buffer was protected in 0.12.6 but the adjacent l_pattern[8194] stack buffer received no equivalent protection. On Ubuntu 24.04, FORTIFY_SOURCE converts the overflow to SIGABRT (DoS). Version 0.12.11 contains an updated fix.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:18 Apr, 2026 | 01:24
Updated At:20 Apr, 2026 | 16:15
Rejected At:
â–¼CVE Numbering Authority (CNA)
editorconfig-core-c has incomplete fix for CVE-2023-0341

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directory structure and .editorconfig file. This is an incomplete fix for CVE-2023-0341. The pcre_str buffer was protected in 0.12.6 but the adjacent l_pattern[8194] stack buffer received no equivalent protection. On Ubuntu 24.04, FORTIFY_SOURCE converts the overflow to SIGABRT (DoS). Version 0.12.11 contains an updated fix.

Affected Products
Vendor
editorconfig
Product
editorconfig-core-c
Versions
Affected
  • < 0.12.11
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254h
x_refsource_CONFIRM
https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ff
x_refsource_MISC
https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11
x_refsource_MISC
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254h
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ff
Resource:
x_refsource_MISC
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:18 Apr, 2026 | 02:16
Updated At:20 Apr, 2026 | 18:59

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directory structure and .editorconfig file. This is an incomplete fix for CVE-2023-0341. The pcre_str buffer was protected in 0.12.6 but the adjacent l_pattern[8194] stack buffer received no equivalent protection. On Ubuntu 24.04, FORTIFY_SOURCE converts the overflow to SIGABRT (DoS). Version 0.12.11 contains an updated fix.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-121Primarysecurity-advisories@github.com
CWE-787Primarysecurity-advisories@github.com
CWE ID: CWE-121
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-787
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ffsecurity-advisories@github.com
N/A
https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11security-advisories@github.com
N/A
https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254hsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ff
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254h
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

67Records found

CVE-2024-53849
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 10.32%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 23:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Several stack buffer overflows and pointer overflows in editorconfig-core-c

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-editorconfigeditorconfig
Product-editorconfig-core-ceditorconfig
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-0341
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.97% / 57.38%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 23:22
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Buffer Overflow in editorconfig-core-c

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer.

Action-Not Available
Vendor-editorconfigEditorConfig
Product-editorconfigEditorConfig C Core
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6691
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-8.6||HIGH
EPSS-0.13% / 2.65%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 15:08
Updated-18 Jun, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.

Action-Not Available
Vendor-MongoDB, Inc.
Product-c_driverMongoDB C Driver
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25990
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.37% / 28.72%
||
7 Day CHG-0.00%
Published-11 Feb, 2026 | 20:53
Updated-01 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pillow has an out-of-bounds write when loading PSD images

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Action-Not Available
Vendor-python-pillowRed Hat, Inc.Python Software Foundation
Product-pillowPillowRed Hat Enterprise Linux 7Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat AI Inference ServerRed Hat AI Inference Server 3.3Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Satellite 6.18 for RHEL 9Red Hat Ansible Automation Platform 2Red Hat AI Inference Server 3.2Red Hat Ansible Automation Platform 2.5Red Hat Satellite 6.17 for RHEL 9Red Hat Enterprise Linux 8Red Hat Satellite 6Red Hat Quay 3.12OpenShift LightspeedRed Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47538
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.25% / 65.72%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 18:52
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47613
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.88% / 54.77%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 19:14
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47539
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.97% / 57.76%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 18:53
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47607
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.18% / 63.76%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 19:13
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header

GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47537
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.50%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 18:51
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25373
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 7.95%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 14:15
Updated-27 May, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.

Action-Not Available
Vendor-SocuSoft
Product-DVD Photo Slideshow Professional
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25212
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.74%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-31 Mar, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH

Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.

Action-Not Available
Vendor-boxoftBoxoft
Product-wav_to_wma_converterWAV to WMA Converter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25213
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.25% / 15.87%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-01 May, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nsauditor 3.0.28.0 Local SEH Buffer Overflow

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.

Action-Not Available
Vendor-nsasoftNsauditor
Product-nsauditorNsauditor Local SEH Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25217
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.22% / 12.42%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-27 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution

PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field.

Action-Not Available
Vendor-rttsoftwareRttsoftware
Product-pdf_explorerPDF Explorer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25218
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 11.92%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-31 Mar, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow

PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution.

Action-Not Available
Vendor-passfabPassfab
Product-rar_password_recoveryRAR Password Recovery
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25219
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.25% / 15.87%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-31 Mar, 2026 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow

PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.

Action-Not Available
Vendor-passfabPassfab
Product-excel_password_recoveryExcel Password Recovery
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25222
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.14% / 3.78%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-01 May, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SC v7.16 Stack-Based Buffer Overflow Remote Code Execution

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.

Action-Not Available
Vendor-sc
Product-SC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25251
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 8.31%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 13:51
Updated-16 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snes9K 0.0.9z Buffer Overflow SEH via Netplay Socket

Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.

Action-Not Available
Vendor-SourceForge (Slashdot Media, LLC)
Product-Snes9K 0.0.9z
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25255
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 8.31%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 13:51
Updated-16 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
10-Strike LANState 8.8 Local Buffer Overflow SEH

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.

Action-Not Available
Vendor-10-Strike
Product-Strike LANState
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25260
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 11.80%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 14:56
Updated-14 May, 2026 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MAGIX Music Editor 3.1 Buffer Overflow via SEH

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted.

Action-Not Available
Vendor-magixMagix
Product-music_editor_deluxeMAGIX Music Editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25261
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 14:56
Updated-29 Apr, 2026 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iperius Backup 5.8.1 Local Buffer Overflow SEH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.

Action-Not Available
Vendor-entersrlIperiusbackup
Product-iperius_backupIperius Backup
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25265
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 14:57
Updated-14 May, 2026 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LanSpy 2.0.1.159 Local Buffer Overflow

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.

Action-Not Available
Vendor-lizardsystemsLizardsystems
Product-lanspyLanSpy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25268
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.20% / 10.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 14:57
Updated-27 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.

Action-Not Available
Vendor-lizardsystemsLizardsystems
Product-lanspyLanSpy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-25303
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.16% / 5.30%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 19:24
Updated-30 Apr, 2026 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.

Action-Not Available
Vendor-Alloksoft
Product-Allok Video to DVD Burner
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25344
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.16% / 5.78%
||
7 Day CHG~0.00%
Published-23 May, 2026 | 18:30
Updated-26 May, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.

Action-Not Available
Vendor-10-Strike
Product-Network Inventory Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25360
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.19% / 8.64%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 14:15
Updated-26 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.

Action-Not Available
Vendor-Agatasoft
Product-Auto PingMaster
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25375
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 7.95%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 14:15
Updated-26 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.

Action-Not Available
Vendor-SocuSoft
Product-iPod Photo Slideshow
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25383
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 7.89%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 14:46
Updated-29 May, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Convert function, enabling execution of arbitrary code through ROP chain gadgets and shellcode injection.

Action-Not Available
Vendor-Commentcamarche
Product-Free MP3 CD Ripper
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-25322
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.42%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 12:11
Updated-18 May, 2026 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the License Name field to trigger the overflow and execute code with application privileges.

Action-Not Available
Vendor-alloksoft
Product-Fast AVI MPEG Splitter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-42311
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.55%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 04:11
Updated-14 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

Action-Not Available
Vendor-python-pillowPython Software Foundation
Product-pillowPillow
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-34588
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 38.10%
||
7 Day CHG+0.23%
Published-06 Apr, 2026 | 15:31
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Action-Not Available
Vendor-openexrAcademySoftwareFoundationRed Hat, Inc.
Product-openexropenexrRed Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat AI Inference Server 3.3
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47615
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.11% / 61.92%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 19:13
Updated-17 Mar, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.

Action-Not Available
Vendor-gstreamergstreamer
Product-gstreamergstreamer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-20226
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.55%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-01 May, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mapscrn 2.0.3 Stack-Based Buffer Overflow

Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.

Action-Not Available
Vendor-msk
Product-Mapscrn
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20037
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.39%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:57
Updated-30 Mar, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xwpe 1.5.30a-2.1 Stack-based Buffer Overflow

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.

Action-Not Available
Vendor-Identicalsoftware
Product-xWPE
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20038
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 7.46%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-30 Mar, 2026 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yTree 1.94-1.1 Stack-Based Buffer Overflow

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

Action-Not Available
Vendor-werner
Product-yTree
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20039
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.30%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-30 Mar, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multi Emulator Super System 0.154-3.1 Buffer Overflow

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.

Action-Not Available
Vendor-mamedev
Product-Mess Emulator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20042
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.14% / 4.11%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-30 Mar, 2026 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TRN 3.6-23 Stack Buffer Overflow Local Code Execution

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

Action-Not Available
Vendor-trn
Product-Threaded USENET News Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20043
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.20% / 10.40%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-10 Apr, 2026 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NRSS RSS Reader 0.3.9-1 Stack Buffer Overflow

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.

Action-Not Available
Vendor-nrssnrss
Product-nrssNRSS Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20044
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.24% / 15.15%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-10 Apr, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

Action-Not Available
Vendor-surfpinfo
Product-pinfoPInfo
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20045
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-08 Apr, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HNB Organizer 1.9.18-10 Local Buffer Overflow via -rc Parameter

HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.

Action-Not Available
Vendor-hnb_projecthnb
Product-hierarchical_notebookHNB
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20046
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.55%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-01 Apr, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

Action-Not Available
Vendor-zFTP
Product-zFTP Client
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-20047
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.55%
||
7 Day CHG~0.00%
Published-28 Mar, 2026 | 11:58
Updated-30 Mar, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EKG Gadu 1.9 Local Buffer Overflow via Username Parameter

EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.

Action-Not Available
Vendor-ekg
Product-EKG Gadu
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25650
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.18% / 8.09%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:24
Updated-26 Mar, 2026 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow

River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.

Action-Not Available
Vendor-riverpast
Product-River Past CamDo
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25701
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 11.01%
||
7 Day CHG~0.00%
Published-12 Apr, 2026 | 12:28
Updated-17 Apr, 2026 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Video to iPod Converter 1.6.20 Local Buffer Overflow SEH

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.

Action-Not Available
Vendor-ether_softwareDivxtodvd
Product-easy_video_to_ipod_converterEasy Video to iPod Converter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25611
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.55%
||
7 Day CHG~0.00%
Published-22 Mar, 2026 | 13:38
Updated-16 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiniFtp parseconf_load_setting Buffer Overflow via Configuration

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.

Action-Not Available
Vendor-skyqinsc
Product-MiniFtp
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25689
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.21% / 10.74%
||
7 Day CHG~0.00%
Published-12 Apr, 2026 | 12:28
Updated-17 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.

Action-Not Available
Vendor-socusoftHtml5Videoplayer
Product-html5_video_playerHTML5 Video Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25670
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.20% / 10.21%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 20:45
Updated-27 Apr, 2026 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
River Past Video Cleaner 7.6.3 Buffer Overflow via SEH

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.

Action-Not Available
Vendor-river_past_video_cleaner_projectRiver Past
Product-river_past_video_cleanerRiver Past Video Cleaner
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37031
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.16% / 5.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 22:07
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Startup Manager 1.17 - 'File' Local Buffer Overflow

Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.

Action-Not Available
Vendor-Ashkon Software
Product-Simple Startup Manager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37221
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.74%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 14:22
Updated-13 May, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections and execute arbitrary commands with application privileges.

Action-Not Available
Vendor-Drive-software
Product-Atomic Alarm Clock
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25467
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.11% / 1.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:23
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Verypdf docPrint Pro 8.0 Local SEH Buffer Overflow

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.

Action-Not Available
Vendor-Verypdf
Product-docPrint Pro
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25607
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.15% / 4.69%
||
7 Day CHG~0.00%
Published-22 Mar, 2026 | 13:38
Updated-16 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Action-Not Available
Vendor-Labf
Product-Axessh
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found