Skip to main content

CWE-787

Out-of-bounds Write

8539 CVEs Avg CVSS 8.0 MITRE
1678
CRITICAL
5221
HIGH
1585
MEDIUM
40
LOW
2673
POC
117
KEV

Monthly

CVE-2026-10673 HIGH PATCH This Week

Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.

Denial Of Service Buffer Overflow Memory Corruption RCE Zephyr
NVD GitHub
CVSS 3.1
8.3
CVE-2026-48337 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48336 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48335 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48343 HIGH This Week

Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted file, running attacker code in the context of the current user. All versions covered by Adobe advisory APSB26-81 are affected, and while there is no public exploit identified at time of analysis, the local user-interaction attack pattern is consistent with weaponized document/asset lures. The CVSS 7.8 (High) rating reflects full confidentiality, integrity, and availability impact once a victim is socially engineered into opening the file.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48311 HIGH This Week

Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening a malicious file, running attacker-supplied code with the privileges of the current user. The flaw is local (AV:L) and requires user interaction, so it is a client-side, file-borne bug rather than a remotely reachable service vulnerability. No public exploit identified at time of analysis and it is not listed in CISA KEV; Adobe patched it in advisory APSB26-81.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48341 HIGH This Week

Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) that executes attacker-controlled code in the context of the current user. The flaw affects Adobe Bridge as reported by Adobe (advisory APSB26-81) and is rated CVSS 7.8; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is local and hinges entirely on user interaction - the victim must open the malicious file.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48367 HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) that runs in the context of the current user when a victim opens a maliciously crafted project or media file. Adobe (via advisory APSB26-78) confirms the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The 7.8 CVSS reflects high impact tempered by the local vector and required user interaction.

Buffer Overflow Memory Corruption RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48274 HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted project or media file, running attacker code with the privileges of the current user. Adobe self-reported the flaw in advisory APSB26-78; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) rating reflects high confidentiality, integrity, and availability impact but is gated by required user interaction and local file delivery.

Buffer Overflow Memory Corruption RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48369 HIGH This Week

Arbitrary code execution in Adobe Premiere Pro via an out-of-bounds write (CWE-787) that lets an attacker run code in the context of the current user when a victim opens a maliciously crafted project or media file. The flaw is memory-corruption based and file-driven, requiring user interaction rather than network exposure; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided, but the local, user-interaction-gated vector places this in the file-format/client-side attack category typical of Adobe desktop products.

Buffer Overflow Memory Corruption RCE Premiere
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVSS 8.3
HIGH PATCH This Week

Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.

Denial Of Service Buffer Overflow Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted file, running attacker code in the context of the current user. All versions covered by Adobe advisory APSB26-81 are affected, and while there is no public exploit identified at time of analysis, the local user-interaction attack pattern is consistent with weaponized document/asset lures. The CVSS 7.8 (High) rating reflects full confidentiality, integrity, and availability impact once a victim is socially engineered into opening the file.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening a malicious file, running attacker-supplied code with the privileges of the current user. The flaw is local (AV:L) and requires user interaction, so it is a client-side, file-borne bug rather than a remotely reachable service vulnerability. No public exploit identified at time of analysis and it is not listed in CISA KEV; Adobe patched it in advisory APSB26-81.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) that executes attacker-controlled code in the context of the current user. The flaw affects Adobe Bridge as reported by Adobe (advisory APSB26-81) and is rated CVSS 7.8; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is local and hinges entirely on user interaction - the victim must open the malicious file.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) that runs in the context of the current user when a victim opens a maliciously crafted project or media file. Adobe (via advisory APSB26-78) confirms the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The 7.8 CVSS reflects high impact tempered by the local vector and required user interaction.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted project or media file, running attacker code with the privileges of the current user. Adobe self-reported the flaw in advisory APSB26-78; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) rating reflects high confidentiality, integrity, and availability impact but is gated by required user interaction and local file delivery.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Premiere Pro via an out-of-bounds write (CWE-787) that lets an attacker run code in the context of the current user when a victim opens a maliciously crafted project or media file. The flaw is memory-corruption based and file-driven, requiring user interaction rather than network exposure; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS data was not provided, but the local, user-interaction-gated vector places this in the file-format/client-side attack category typical of Adobe desktop products.

Buffer Overflow Memory Corruption RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy