CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,266 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 41 of 66
- CVE-2024-8227HIGHCVSS 8.8EG 8.82024-08-28
A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/d…
- CVE-2024-8228HIGHCVSS 8.8EG 8.82024-08-28
A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-…
- CVE-2024-8229HIGHCVSS 8.8EG 8.82024-08-28
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-ba…
- CVE-2024-8230HIGHCVSS 8.8EG 8.82024-08-28
A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack…
- CVE-2024-8231HIGHCVSS 8.8EG 8.82024-08-28
A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based …
- CVE-2024-8408MEDIUMCVSS 6.3EG 6.32024-09-04
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argume…
- CVE-2024-9043CRITICALCVSS 9.8EG 9.82024-09-20
Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system adminis…
- CVE-2024-9261HIGHCVSS 7.8EG 7.82024-11-22
IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploi…
- CVE-2024-9284MEDIUMCVSS 6.5EG 6.52024-09-27
A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to…
- CVE-2024-9726HIGHCVSS 7.8EG 7.82024-11-22
Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User inter…
- CVE-2024-9745HIGHCVSS 7.8EG 7.82024-11-22
Tungsten Automation Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF…
- CVE-2025-0282CRITICALCVSS 9.0EG 9.0⚠ KEV2025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve r…
- CVE-2025-0283HIGHCVSS 7.0EG 7.02025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate the…
- CVE-2025-0349HIGHCVSS 8.8EG 8.82025-01-09
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer ov…
- CVE-2025-0373MEDIUMCVSS 6.0EG 6.02025-01-30
On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system c…
- CVE-2025-0438HIGHCVSS 8.8EG 8.82025-01-15
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0529MEDIUMCVSS 5.3EG 5.32025-01-17
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buf…
- CVE-2025-0566HIGHCVSS 8.8EG 8.82025-01-19
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It i…
- CVE-2025-0649HIGHCVSS 7.5EG 7.52025-05-06
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.
- CVE-2025-0720LOWCVSS 3.3EG 3.32025-01-26
A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch Li…
- CVE-2025-0840MEDIUMCVSS 5.0EG 5.02025-01-29
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overfl…
- CVE-2025-0848MEDIUMCVSS 6.5EG 6.52025-01-30
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the ar…
- CVE-2025-10392CRITICALCVSS 9.8EG 9.82025-09-14
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can b…
- CVE-2025-10432CRITICALCVSS 9.8EG 9.82025-09-15
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU res…
- CVE-2025-10773HIGHCVSS 8.8EG 8.82025-09-22
A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type …
- CVE-2025-10779HIGHCVSS 8.8EG 8.82025-09-22
A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may b…
- CVE-2025-10925HIGHCVSS 7.8EG 7.82025-10-29
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vu…
- CVE-2025-11012MEDIUMCVSS 5.3EG 5.32025-09-26
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can …
- CVE-2025-11122HIGHCVSS 8.8EG 8.82025-09-28
A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched re…
- CVE-2025-11123HIGHCVSS 8.8EG 8.82025-09-28
A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The explo…
- CVE-2025-11324HIGHCVSS 8.8EG 8.82025-10-06
A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow…
- CVE-2025-11325HIGHCVSS 8.8EG 8.82025-10-06
A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based…
- CVE-2025-11326HIGHCVSS 8.8EG 8.82025-10-06
A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may …
- CVE-2025-11327HIGHCVSS 8.8EG 8.82025-10-06
A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possibl…
- CVE-2025-11328HIGHCVSS 8.8EG 8.82025-10-06
A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to laun…
- CVE-2025-11386HIGHCVSS 8.8EG 8.82025-10-07
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer …
- CVE-2025-11387HIGHCVSS 8.8EG 8.82025-10-07
A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiat…
- CVE-2025-11388HIGHCVSS 8.8EG 8.82025-10-07
A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched rem…
- CVE-2025-11389HIGHCVSS 8.8EG 8.82025-10-07
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of…
- CVE-2025-11418CRITICALCVSS 9.8EG 9.82025-10-08
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mit_ssid_in…
- CVE-2025-11524HIGHCVSS 8.8EG 8.82025-10-09
A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. T…
- CVE-2025-11525HIGHCVSS 8.8EG 8.82025-10-09
A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer overflow. The attack can be launched remotely. Th…
- CVE-2025-11526HIGHCVSS 8.8EG 8.82025-10-09
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack m…
- CVE-2025-11527HIGHCVSS 8.8EG 8.82025-10-09
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The…
- CVE-2025-11528HIGHCVSS 8.8EG 8.82025-10-09
A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is p…
- CVE-2025-11541CRITICALCVSS 9.8EG 9.82025-12-22
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
- CVE-2025-11542CRITICALCVSS 9.8EG 9.82025-12-22
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.
- CVE-2025-11549HIGHCVSS 8.8EG 8.82025-10-09
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based b…
- CVE-2025-11586HIGHCVSS 8.8EG 8.82025-10-10
A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carr…
- CVE-2025-1163MEDIUMCVSS 5.3EG 5.32025-02-11
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stac…
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →