Skip to main content

CWE-119

Buffer Overflow

8987 CVEs Avg CVSS 7.8 MITRE
2309
CRITICAL
4368
HIGH
2038
MEDIUM
264
LOW
2506
POC
42
KEV

Monthly

CVE-2026-33444 MEDIUM PATCH This Month

Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attacker who has intimate knowledge of and total control over the tunnel protocol. The attack exploits a memory management flaw in the server component, causing service disruption that does not persist after the attack ends, meaning the server recovers without administrator intervention. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the network-accessible attack surface warrants patching given Absolute Secure Access is a perimeter access product. Notably, the vendor-supplied tag includes 'Information Disclosure,' which conflicts with the DoS-only description and may indicate additional undisclosed impact.

Secure Access Buffer Overflow
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-20156 HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-15194 LOW Monitor

Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2022-46292 PyPI HIGH POC PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "UNIT CELL TRANSLATION" block of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Cisco Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2026-14607 MEDIUM POC PATCH This Month

Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to crash the RTOS kernel by supplying a crafted `ai_addr` argument to the `sys_getaddrinfo` handler in `components/lwp/lwp_syscall.c`. All RT-Thread versions through 5.0.2 are affected, with impact limited to availability (VA:H) - no confidentiality or integrity loss is indicated. A public proof-of-concept exists (GitHub issue #11428), though exploitation is not confirmed in CISA KEV; the upstream fix remains an unmerged pull request, leaving all deployed versions currently unpatched.

Buffer Overflow Rt Thread
NVD VulDB GitHub
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-52188 MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14407 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-46295 PyPI HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MSI parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46294 PyPI HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the `translationVectors[]` array when reading Tv (translation-vector) atoms from a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46293 PyPI HIGH PATCH GHSA This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "FINAL POINT" block of a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attacker who has intimate knowledge of and total control over the tunnel protocol. The attack exploits a memory management flaw in the server component, causing service disruption that does not persist after the attack ends, meaning the server recovers without administrator intervention. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the network-accessible attack surface warrants patching given Absolute Secure Access is a perimeter access product. Notably, the vendor-supplied tag includes 'Information Disclosure,' which conflicts with the DoS-only description and may indicate additional undisclosed impact.

Secure Access Buffer Overflow
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "UNIT CELL TRANSLATION" block of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Cisco Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to crash the RTOS kernel by supplying a crafted `ai_addr` argument to the `sys_getaddrinfo` handler in `components/lwp/lwp_syscall.c`. All RT-Thread versions through 5.0.2 are affected, with impact limited to availability (VA:H) - no confidentiality or integrity loss is indicated. A public proof-of-concept exists (GitHub issue #11428), though exploitation is not confirmed in CISA KEV; the upstream fix remains an unmerged pull request, leaving all deployed versions currently unpatched.

Buffer Overflow Rt Thread
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

### Summary A memory-safety vulnerability in Open Babel's MSI parser allowed an out-of-bounds write into the `translationVectors[]` array when reading a crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC input parser allowed an out-of-bounds write into the `translationVectors[]` array when reading Tv (translation-vector) atoms from a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

### Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the `translationVectors[]` array when reading the "FINAL POINT" block of a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Cisco
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy