Skip to main content

CWE-125

Out-of-bounds Read

6961 CVEs Avg CVSS 6.7 MITRE
553
CRITICAL
2962
HIGH
3142
MEDIUM
288
LOW
1133
POC
18
KEV

Monthly

CVE-2026-62353 MEDIUM PATCH This Month

Out-of-bounds read in TDengine's SQL tokenizer (versions prior to 3.4.1.14) allows an authenticated user with SQL query access to crash the database server and potentially leak one byte of adjacent heap memory. The flaw resides in tGetToken() within source/libs/parser/src/parTokenizer.c, triggered by submitting a SQL string literal ending in a bare backslash (e.g., 'abc\). No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
5.4
CVE-2026-62351 HIGH PATCH This Week

Denial of service in TDengine time-series database versions prior to 3.4.1.15 allows unauthenticated remote attackers to crash the server by sending a malformed compressed RPC packet. The transDecompressMsg() function trusts a compression-length field without verifying the packet is large enough to contain the 8-byte STransCompMsg header, leading to an out-of-bounds read, uncontrolled/underflowed allocation, and process crash. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; a vendor fix exists in 3.4.1.15.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
CVE-2026-60065 MEDIUM PATCH This Month

Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.

Nginx Buffer Overflow Information Disclosure Nginx Plus
NVD
CVSS 4.0
6.3
CVE-2026-61862 LOW PATCH Monitor

ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 4.0
2.1
CVE-2026-15030 MEDIUM This Month

Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.

Buffer Overflow Information Disclosure System Control Interface V3 System Control Interface Business Manager
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-47979 MEDIUM This Month

Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-15714 MEDIUM This Month

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-15720 HIGH This Week

Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.

Buffer Overflow Denial Of Service Information Disclosure Open5gs
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2026-15712 MEDIUM This Month

Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Information Disclosure Red Hat Enterprise Linux 10
NVD VulDB
CVSS 3.1
5.9
EPSS
0.5%
CVE-2026-47969 MEDIUM This Month

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Audition
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read in TDengine's SQL tokenizer (versions prior to 3.4.1.14) allows an authenticated user with SQL query access to crash the database server and potentially leak one byte of adjacent heap memory. The flaw resides in tGetToken() within source/libs/parser/src/parTokenizer.c, triggered by submitting a SQL string literal ending in a bare backslash (e.g., 'abc\). No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Denial of service in TDengine time-series database versions prior to 3.4.1.15 allows unauthenticated remote attackers to crash the server by sending a malformed compressed RPC packet. The transDecompressMsg() function trusts a compression-length field without verifying the packet is large enough to contain the 8-byte STransCompMsg header, leading to an out-of-bounds read, uncontrolled/underflowed allocation, and process crash. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; a vendor fix exists in 3.4.1.15.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 6.3
MEDIUM PATCH This Month

Heap buffer over-read in NGINX Plus's MQTT filter module (ngx_stream_mqtt_filter_module) allows unauthenticated remote attackers to crash the NGINX worker process, causing a brief, recoverable service disruption. The vulnerability is data-plane only - no control plane exposure exists - and exploitation depends partly on runtime conditions outside the attacker's control, reflected by the CVSS 4.0 AT:P metric. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; F5 has released a patch documented in advisory K000162101.

Nginx Buffer Overflow Information Disclosure +1
NVD
CVSS 2.1
LOW PATCH Monitor

ImageMagick before 7.1.2-26 (7.x branch) and 6.9.13-51 (6.x branch) discloses one byte of process memory beyond a profile boundary when the `identify` command is run with debug output enabled and the embedded profile ends with a non-printable byte. The out-of-bounds read (CWE-125) is highly conditional - requiring local access, explicit debug mode activation, and a specifically crafted profile payload - keeping real-world impact extremely low despite ImageMagick's broad deployment footprint. No public exploit code or active exploitation has been identified at time of analysis.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM This Month

Out-of-bounds memory read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager exposes kernel and firmware memory contents to local administrators via a crafted IOCTL request that bypasses the driver's length validation. The vulnerability (CWE-125) is constrained to AV:L/PR:H, meaning exploitation requires prior establishment of local administrator access on a system where the affected ASUS software is installed. No public exploit code or active exploitation has been confirmed at time of analysis; the ASUS Security Advisory documents the remediation path.

Buffer Overflow Information Disclosure System Control Interface V3 +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.

Buffer Overflow Information Disclosure Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Audition
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy