CVE-2026-50259
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWi
CVSS
7.8
Alto
EPSS
0.2%
p6
KEV
—
Exploit Today
2
0-100
Publicado: 5 jun 2026 · Última mod.: 15 jul 2026 · CWE-121
0.2%EPSS · 30 días0.2%
2026-06-302026-07-17
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26562
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26566
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26590
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26610
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:26709
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:28923
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:29844
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36083
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36085
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36086
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36087
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36632
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36633
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36634
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36768
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36791
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36792
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36798
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:38502
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:38810
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510878.6 ALT94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2021-271378.1 ALT91.8%
——28An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).1dCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13dCVE-2026-248818.1 ALT75.3%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.3d