CVE-2025-51087
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time l
CVSS
8.6
Alto
EPSS
7.9%
p94
KEV
—
Exploit Today
28
0-100
Publicado: 24 jul 2025 · Última mod.: 5 jul 2026 · CWE-121
7.9%EPSS · 30 días8.4%
2026-06-302026-07-16
Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.12dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.12dCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.12dCVE-2026-248818.1 ALT75.2%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.2dCVE-2026-503877.8 ALT75.0%
——22Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.20hCVE-2026-322037.5 ALT72.3%
——22Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.2d