By weakness (CWE)
CWE-120: related vulnerabilities
CVEs classified under CWE-120. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
16 published vulnerabilities
- CVE-2026-10126HIGH 8.8
A buffer overflow vulnerability exists in Edimax BR-6478AC version 1.23 that allows authenticated users to crash the device or potentially execute arbitrary code. The flaw is in the QoS settings handler and can be triggered by sending a specially crafted request with an oversized value in the selSSID parameter. An attacker with valid router credentials can exploit this remotely without user interaction. Public exploit code is available, elevating the practical risk.
- CVE-2026-10163HIGH 8.8
A buffer overflow vulnerability exists in Edimax BR-6478AC version 1.23 that allows authenticated users to crash the router or potentially execute code by sending specially crafted requests to the USB account configuration endpoint. An attacker with login credentials can exploit this flaw remotely without further user interaction. The vulnerability has already been publicly disclosed, increasing the likelihood of active exploitation.
- CVE-2026-10164HIGH 8.8
A buffer overflow vulnerability exists in Edimax BR-6478AC router firmware version 1.23 that allows authenticated users to execute arbitrary code on the device. The flaw resides in the USB folder sharing feature and can be triggered by sending a specially crafted request with an oversized ShareName or SelectName parameter. Because the vulnerability requires valid credentials and the exploit has already been disclosed publicly, the risk of active exploitation is elevated.
- CVE-2026-30650HIGH 8.8
A remote code execution flaw exists in Vivotek FD8136 network cameras that allows an authenticated attacker to take complete control of the device. The vulnerability resides in the admin interface's event task handler and can be exploited over the network without user interaction, enabling an attacker with valid credentials to execute arbitrary commands with root-level privileges.
- CVE-2026-30652HIGH 8.8
A buffer overflow flaw in Vivotek FD8136 network cameras allows authenticated users with admin access to run malicious code with root-level privileges on the device. The vulnerability exists in a specific administrative interface endpoint and affects cameras running firmware version FD8136-VVTK-0300a. An attacker would need valid credentials to exploit it, but once inside the admin panel, they could completely compromise the camera and potentially use it as a foothold into your network.
- CVE-2018-25432HIGH 8.4
Arm Whois version 3.11 contains a buffer overflow flaw that allows attackers with local access to execute arbitrary code. The vulnerability stems from insufficient bounds checking when processing input, allowing an attacker to craft a specially crafted file that overwrites critical memory structures used by Windows exception handling. This hijacking of the structured exception handler (SEH) gives the attacker the ability to run malicious code with the privileges of the user running the application.
- CVE-2019-25733HIGH 8.4
NetShareWatcher version 1.5.8.0 contains a memory safety flaw that lets a local attacker run malicious code on an affected system. The vulnerability exists in how the application handles user-supplied text in its Restrictions custom filter field. When a specially crafted filter is supplied and the Find function is triggered, the application's exception handling mechanism can be hijacked to execute arbitrary commands with the privileges of the user running NetShareWatcher. This is a local-only attack—the attacker must have access to the machine running the application.
- CVE-2019-25735HIGH 8.4
AllPlayer version 7.4 contains a buffer overflow flaw in how it processes URLs. When a user opens the application's URL dialog and pastes an unusually long URL string, the application fails to validate the input length properly. This allows an attacker to overwrite critical memory structures called structured exception handlers (SEH pointers), which Windows uses to manage error handling. By crafting a malicious URL, an attacker can hijack this process to execute arbitrary commands on the affected system with the same privileges as the logged-in user.
- CVE-2019-25736HIGH 8.4
LabF nfsAxe 3.7 Ping Client is vulnerable to a buffer overflow flaw that allows an unauthenticated attacker with local system access to run arbitrary code. An attacker can craft a malicious input file and submit it through the Host IP field to overwrite memory and execute commands with the privileges of the user running the application.
- CVE-2026-28580HIGH 7.8
CVE-2026-28580 is a local privilege escalation vulnerability affecting Google Android. An attacker with basic user-level access to a device can exploit an incorrect bounds check in multiple persistence-related functions to gain elevated privileges without requiring additional capabilities or interaction from the user. The issue stems from a synchronization problem that allows the attacker to manipulate persistent data in an unexpected way, ultimately escalating their permissions on the system.
- CVE-2018-25426HIGH 7.5
WinMTR version 0.91 has a denial-of-service flaw that allows remote attackers to crash the application without authentication. By sending a specially crafted input file with approximately 238 bytes of repeated characters, an attacker can trigger a buffer overflow condition that terminates the application. This is a straightforward denial-of-service attack with no authentication requirement, making it accessible to any network-adjacent threat actor.
- CVE-2026-3870MEDIUM 6.5
Zyxel VMG4005-B50B routers with firmware up to version 5.13(ABRL.5.4)C0 contain a buffer overflow flaw in their UPnP port-mapping feature. An attacker on the same local network can exploit this to crash the UPnP service temporarily, preventing legitimate port-forwarding operations until the service recovers or the device is rebooted.
- CVE-2026-3871MEDIUM 6.5
Zyxel VMG4005-B50B gateway devices running firmware version 5.13(ABRL.5.4)C0 and earlier contain a buffer overflow flaw in the UPnP DeletePortMapping command. An attacker on the same local network can exploit this to crash the UPnP service, temporarily disabling port mapping features. The vulnerability requires network adjacency and does not enable data theft or system compromise, but does degrade device functionality.
- CVE-2018-25423MEDIUM 6.2
Arm Whois version 3.11 has a buffer overflow flaw that allows local users to crash the application by entering an extremely long string into IP address or domain input fields. An attacker with local access can supply a malicious 700-byte input to trigger a denial of service, making the tool temporarily unavailable but without risking data theft or system compromise.
- CVE-2026-10275MEDIUM 5.0
A buffer overflow vulnerability exists in OpenSC versions up to 0.26.1 within the pkcs11-tool component's key generation functionality. The flaw allows an attacker to overflow a buffer during certificate writing operations, potentially enabling remote code execution or data corruption. Exploitation requires user interaction and specific conditions, making it moderately difficult to weaponize, though a proof-of-concept has already been disclosed.
- CVE-2026-0056LOW 3.3
CVE-2026-0056 is a memory safety issue in Android's ResourceTypes.cpp component where an incorrect bounds check allows a local process to read data outside intended memory boundaries. This flaw exposes sensitive information resident in adjacent memory to any app with basic local access—no special permissions, elevated privileges, or user interaction required. The vulnerability is classified as low severity due to its limited scope and local-only nature.