CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,273 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 61 of 66
- CVE-2026-26354HIGHCVSS 8.1EG 8.12026-04-22
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-base…
- CVE-2026-26731HIGHCVSS 8.8EG 8.82026-02-17
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function.
- CVE-2026-26732HIGHCVSS 8.8EG 8.82026-02-17
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.
- CVE-2026-26736HIGHCVSS 8.8EG 8.82026-02-17
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.
- CVE-2026-26738HIGHCVSS 7.8EG 7.82026-03-10
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
- CVE-2026-26951MEDIUMCVSS 6.7EG 6.72026-04-20
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attac…
- CVE-2026-27671CRITICALCVSS 9.8EG 9.82026-06-09
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management,…
- CVE-2026-28221MEDIUMCVSS 6.5EG 6.52026-04-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered wh…
- CVE-2026-28846HIGHCVSS 7.5EG 7.52026-05-11
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26…
- CVE-2026-28848HIGHCVSS 7.5EG 7.52026-05-11
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.
- CVE-2026-28897MEDIUMCVSS 6.2EG 6.22026-05-11
A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 2…
- CVE-2026-29628MEDIUMCVSS 6.2EG 6.22026-04-13
A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file.
- CVE-2026-29972HIGHCVSS 8.2EG 8.22026-05-08
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server r…
- CVE-2026-29974HIGHCVSS 7.5EG 7.52026-05-08
An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a st…
- CVE-2026-30363HIGHCVSS 8.4EG 8.42026-05-01
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
- CVE-2026-30364HIGHCVSS 7.5EG 7.52026-04-15
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
- CVE-2026-30649HIGHCVSS 7.3EG 7.32026-06-02
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
- CVE-2026-3081HIGHCVSS 7.8EG 7.82026-03-16
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is req…
- CVE-2026-30814HIGHCVSS 8.0EG 8.02026-04-08
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file.…
- CVE-2026-31267MEDIUMCVSS 5.7EG 5.72026-07-09
Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with adminis…
- CVE-2026-32195HIGHCVSS 7.0EG 7.02026-04-14
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-32203HIGHCVSS 7.5EG 7.52026-04-14
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
- CVE-2026-32661CRITICALCVSS 9.8EG 9.82026-05-13
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be exec…
- CVE-2026-32925HIGHCVSS 7.8EG 7.82026-04-01
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
- CVE-2026-32928HIGHCVSS 7.8EG 7.82026-04-01
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
- CVE-2026-32955HIGHCVSS 8.8EG 8.82026-04-20
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
- CVE-2026-33447CRITICALCVSS 9.8EG 9.82026-04-30
CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably…
- CVE-2026-33449HIGHCVSS 7.5EG 7.52026-04-30
CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small por…
- CVE-2026-33452MEDIUMCVSS 5.5EG 5.52026-04-30
CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.
- CVE-2026-33554HIGHCVSS 7.5EG 7.52026-03-24
ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large …
- CVE-2026-34122MEDIUMCVSS 6.5EG 6.52026-04-02
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively …
- CVE-2026-34459HIGHCVSS 8.8EG 8.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox esca…
- CVE-2026-34461HIGHCVSS 7.8EG 7.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled befo…
- CVE-2026-34462HIGHCVSS 7.8EG 7.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from …
- CVE-2026-34464HIGHCVSS 8.8EG 8.82026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer usin…
- CVE-2026-34690HIGHCVSS 7.8EG 7.82026-05-12
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2026-34695HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inter…
- CVE-2026-34697HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inter…
- CVE-2026-34702HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inter…
- CVE-2026-34708HIGHCVSS 7.8EG 7.82026-06-09
InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in …
- CVE-2026-35083HIGHCVSS 8.8EG 8.82026-06-03
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
- CVE-2026-35084HIGHCVSS 8.8EG 8.82026-06-03
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
- CVE-2026-35085HIGHCVSS 8.8EG 8.82026-06-03
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
- CVE-2026-35553MEDIUMCVSS 6.7EG 6.72026-04-13
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.
- CVE-2026-35716MEDIUMCVSS 6.3EG 6.32026-06-02
A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi…
- CVE-2026-35717MEDIUMCVSS 6.3EG 6.32026-06-02
A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_la…
- CVE-2026-36770HIGHCVSS 7.5EG 7.52026-06-09
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte…
- CVE-2026-36771HIGHCVSS 7.5EG 7.52026-06-09
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Servic…
- CVE-2026-36772MEDIUMCVSS 6.5EG 6.52026-06-09
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Servic…
- CVE-2026-36773MEDIUMCVSS 6.5EG 6.52026-06-09
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS)…
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →