Skip to main content

CWE-129

Improper Validation of Array Index

387 CVEs Avg CVSS 7.5 MITRE
33
CRITICAL
270
HIGH
77
MEDIUM
5
LOW
46
POC
0
KEV

Monthly

CVE-2026-24238 HIGH This Week

Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.

Nvidia RCE Tensorrt
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-15685 HIGH This Week

Denial-of-service in Ollama's downloadBlob function lets remote, unauthenticated attackers crash affected installations by supplying malformed data that triggers an out-of-bounds array access. The flaw (ZDI-CAN-27277 / ZDI-26-403, CWE-129) carries a CVSS 7.5 with an availability-only impact and requires no authentication or user interaction. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Ollama
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2026-57251 HIGH This Week

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-style annotation/border appearances, because the code that builds that geometry omits an upper-bound limit and consistency checks. A local attacker who convinces a user to open a malicious PDF can trigger an out-of-bounds array access that crashes the application; no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV. Although the NVD vector claims high confidentiality and integrity impact, the vendor description and tags describe only a crash.

Denial Of Service Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-57272 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer add-on (also branded 'Web Plugin' for GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker abuse the 'byPass' WebSocket command by supplying an unchecked 'index' value, corrupting memory to achieve high-impact compromise (CVSS 8.3). The bundled component runs a local WebSocket server for GeoVision web interfaces (GV-VMS, GV-Cloud); because the server is reachable from a victim's browser, a malicious web page can drive the flaw with only user interaction and no authentication. No public exploit identified at time of analysis, though a Talos vulnerability report (TALOS-2026-2373) documents the issue.

Authentication Bypass Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-57271 HIGH This Week

Out-of-bounds array indexing in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) allows a remote attacker to leak memory or crash the local WebSocket service by delivering a malformed 'pause' command. The addon runs a WebSocket server that backs the browser interfaces of GeoVision products such as GV-VMS and GV-Cloud, so any browser tricked into connecting to it can trigger the flaw. No public exploit identified at time of analysis; the issue was reported by the vendor (GeoVision) and documented by Cisco Talos (TALOS-2026-2373).

Information Disclosure Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-57270 HIGH This Week

Out-of-bounds array access in GeoVision GeoWebPlayer (a.k.a. "Web Plugin"/"WS Player"), a websocket-server addon bundled with GV-VMS, GV-Cloud and related GeoVision software, lets an attacker who lures a victim to a malicious web page reach the localhost websocket and supply an unvalidated `index` to leak memory and corrupt state (CWE-129). The play command in particular accepts an attacker-controlled index used to index internal arrays without a range check, enabling information disclosure and potential code-path corruption. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor has published a security advisory and Talos has released a detailed report.

Information Disclosure Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-57269 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer (a.k.a. 'Web Plugin' / 'WS Player') addon lets an attacker read memory, corrupt state, or crash the local WebSocket helper bundled with GV-VMS, GV-Cloud, and related surveillance software. The plugin's localhost WebSocket server processes commands (such as 'disconnect') that carry an attacker-controlled 'index' used to dereference internal arrays without bounds checking (CWE-129), yielding high confidentiality, integrity, and availability impact. The CVSS 3.1 vector (AV:N/UI:R/S:C) reflects a cross-origin browser-driven vector where a victim lured to a malicious page has their browser relay commands to the local WebSocket; there is no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-57268 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.

RCE Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-57267 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with GV-VMS, GV-Cloud and related software) lets an attacker abuse the local WebSocket server's snapshot command by supplying an unchecked 'index' value that indexes arrays beyond their bounds. Because the CVSS vector is AV:N/UI:R with a scope change, a victim who visits a malicious web page can have their browser drive the localhost WebSocket into out-of-bounds reads/writes, yielding information disclosure and potential memory corruption (C:H/I:H/A:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-57266 HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker corrupt memory or leak sensitive data by sending a 2wayAudio WebSocket command with an unchecked index value. The addon runs a localhost WebSocket server that expands GeoVision web interfaces, and its command handlers use caller-supplied index values to index internal arrays without validating their range. Reported by GeoVision and Talos (TALOS-2026-2373); no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Geowebplayer
NVD
CVSS 3.1
8.3
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.

Nvidia RCE Tensorrt
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service in Ollama's downloadBlob function lets remote, unauthenticated attackers crash affected installations by supplying malformed data that triggers an out-of-bounds array access. The flaw (ZDI-CAN-27277 / ZDI-26-403, CWE-129) carries a CVSS 7.5 with an availability-only impact and requires no authentication or user interaction. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Ollama
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-style annotation/border appearances, because the code that builds that geometry omits an upper-bound limit and consistency checks. A local attacker who convinces a user to open a malicious PDF can trigger an out-of-bounds array access that crashes the application; no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV. Although the NVD vector claims high confidentiality and integrity impact, the vendor description and tags describe only a crash.

Denial Of Service Foxit Pdf Editor Foxit Pdf Reader
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer add-on (also branded 'Web Plugin' for GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker abuse the 'byPass' WebSocket command by supplying an unchecked 'index' value, corrupting memory to achieve high-impact compromise (CVSS 8.3). The bundled component runs a local WebSocket server for GeoVision web interfaces (GV-VMS, GV-Cloud); because the server is reachable from a victim's browser, a malicious web page can drive the flaw with only user interaction and no authentication. No public exploit identified at time of analysis, though a Talos vulnerability report (TALOS-2026-2373) documents the issue.

Authentication Bypass Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array indexing in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) allows a remote attacker to leak memory or crash the local WebSocket service by delivering a malformed 'pause' command. The addon runs a WebSocket server that backs the browser interfaces of GeoVision products such as GV-VMS and GV-Cloud, so any browser tricked into connecting to it can trigger the flaw. No public exploit identified at time of analysis; the issue was reported by the vendor (GeoVision) and documented by Cisco Talos (TALOS-2026-2373).

Information Disclosure Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision GeoWebPlayer (a.k.a. "Web Plugin"/"WS Player"), a websocket-server addon bundled with GV-VMS, GV-Cloud and related GeoVision software, lets an attacker who lures a victim to a malicious web page reach the localhost websocket and supply an unvalidated `index` to leak memory and corrupt state (CWE-129). The play command in particular accepts an attacker-controlled index used to index internal arrays without a range check, enabling information disclosure and potential code-path corruption. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor has published a security advisory and Talos has released a detailed report.

Information Disclosure Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer (a.k.a. 'Web Plugin' / 'WS Player') addon lets an attacker read memory, corrupt state, or crash the local WebSocket helper bundled with GV-VMS, GV-Cloud, and related surveillance software. The plugin's localhost WebSocket server processes commands (such as 'disconnect') that carry an attacker-controlled 'index' used to dereference internal arrays without bounds checking (CWE-129), yielding high confidentiality, integrity, and availability impact. The CVSS 3.1 vector (AV:N/UI:R/S:C) reflects a cross-origin browser-driven vector where a victim lured to a malicious page has their browser relay commands to the local WebSocket; there is no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.

RCE Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with GV-VMS, GV-Cloud and related software) lets an attacker abuse the local WebSocket server's snapshot command by supplying an unchecked 'index' value that indexes arrays beyond their bounds. Because the CVSS vector is AV:N/UI:R with a scope change, a victim who visits a malicious web page can have their browser drive the localhost WebSocket into out-of-bounds reads/writes, yielding information disclosure and potential memory corruption (C:H/I:H/A:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Geowebplayer
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker corrupt memory or leak sensitive data by sending a 2wayAudio WebSocket command with an unchecked index value. The addon runs a localhost WebSocket server that expands GeoVision web interfaces, and its command handlers use caller-supplied index values to index internal arrays without validating their range. Reported by GeoVision and Talos (TALOS-2026-2373); no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Information Disclosure Geowebplayer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy