Skip to main content

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

16 CVEs Avg CVSS 7.0 MITRE
1
CRITICAL
7
HIGH
8
MEDIUM
0
LOW
5
POC
0
KEV

Monthly

CVE-2026-50367 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-54628 MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-48902 MEDIUM This Month

A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-43524 MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-37923 HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37922 HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37921 HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-0201 MEDIUM This Month

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Bmc
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-36402 MEDIUM This Month

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3369 HIGH This Week

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Sensor Data Service allows an authenticated low-privileged user to gain full SYSTEM-level control on affected Windows 10, Windows 11, and Windows Server (2019-2025) systems. The flaw stems from incorrect access to an indexable resource (a range/bounds error, CWE-118) and yields high confidentiality, integrity, and availability impact per the CVSS 7.8 vector. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Windows Mobile Broadband Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1809 +8
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy