CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,266 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 53 of 66
- CVE-2025-62507HIGHCVSS 8.8EG 8.82025-11-04
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution.…
- CVE-2025-62579HIGHCVSS 7.8EG 7.82025-10-16
ASDA-Soft Stack-based Buffer Overflow Vulnerability
- CVE-2025-62580HIGHCVSS 7.8EG 7.82025-10-16
ASDA-Soft Stack-based Buffer Overflow Vulnerability
- CVE-2025-62691CRITICALCVSS 9.8EG 9.82025-11-25
Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code e…
- CVE-2025-62852MEDIUMCVSS 6.5EG 6.52026-01-02
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have …
- CVE-2025-62858MEDIUMCVSS 6.5EG 6.52026-06-09
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have …
- CVE-2025-6291HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to ini…
- CVE-2025-6292HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The att…
- CVE-2025-6302HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack…
- CVE-2025-63147HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63149HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63152HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63153HIGHCVSS 7.5EG 7.52025-11-10
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63154HIGHCVSS 7.5EG 7.52025-11-10
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2025-6328HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiat…
- CVE-2025-6334HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can b…
- CVE-2025-63454HIGHCVSS 7.5EG 7.52025-10-31
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63455HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63456HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63457HIGHCVSS 7.5EG 7.52025-11-10
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63458HIGHCVSS 7.5EG 7.52025-10-31
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63459HIGHCVSS 7.5EG 7.52025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63460HIGHCVSS 7.5EG 7.52025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63461HIGHCVSS 7.5EG 7.52025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63462HIGHCVSS 7.5EG 7.52025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63463HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63464HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63465HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63466HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63467HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63468HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63469HIGHCVSS 7.5EG 7.52025-10-31
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63658HIGHCVSS 7.5EG 7.52026-01-29
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
- CVE-2025-6367HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to…
- CVE-2025-6368HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to…
- CVE-2025-6369HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads …
- CVE-2025-6370HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-…
- CVE-2025-6371HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime lead…
- CVE-2025-6372HIGHCVSS 8.8EG 8.82025-06-20
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer over…
- CVE-2025-6373HIGHCVSS 8.8EG 8.82025-06-21
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-base…
- CVE-2025-6374HIGHCVSS 8.8EG 8.82025-06-21
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer ov…
- CVE-2025-63835HIGHCVSS 8.8EG 8.82025-11-10
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by send…
- CVE-2025-64053HIGHCVSS 7.5EG 8.22025-12-05
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
- CVE-2025-64096HIGHCVSS 8.8EG 8.82025-10-30
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to…
- CVE-2025-64331HIGHCVSS 7.5EG 7.52025-11-26
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user …
- CVE-2025-64332HIGHCVSS 7.5EG 7.52025-11-26
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF deco…
- CVE-2025-64333HIGHCVSS 7.5EG 7.52025-11-26
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow cr…
- CVE-2025-64344HIGHCVSS 7.5EG 7.52025-11-26
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overfl…
- CVE-2025-64469HIGHCVSS 7.8EG 7.82025-12-18
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploit…
- CVE-2025-64657CRITICALCVSS 9.8EG 9.82025-11-26
Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →