Skip to main content

CWE-119

Buffer Overflow

8986 CVEs Avg CVSS 7.8 MITRE
2309
CRITICAL
4368
HIGH
2037
MEDIUM
264
LOW
2506
POC
42
KEV

Monthly

CVE-2026-20156 HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.1
CVE-2026-15194 LOW Monitor

Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2022-46292 PyPI HIGH POC PATCH GHSA This Week

Python Cisco Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2026-14607 MEDIUM POC PATCH This Month

Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to crash the RTOS kernel by supplying a crafted `ai_addr` argument to the `sys_getaddrinfo` handler in `components/lwp/lwp_syscall.c`. All RT-Thread versions through 5.0.2 are affected, with impact limited to availability (VA:H) - no confidentiality or integrity loss is indicated. A public proof-of-concept exists (GitHub issue #11428), though exploitation is not confirmed in CISA KEV; the upstream fix remains an unmerged pull request, leaving all deployed versions currently unpatched.

Buffer Overflow Rt Thread
NVD VulDB GitHub
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-52188 MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14407 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-46295 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46294 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46293 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46291 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVSS 8.1
HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Use-after-free in Open5GS 2.7.7's AMF component allows a local low-privileged user to access freed memory within the `amf_context_final` function in `src/amf/context.c`, producing a low-severity confidentiality exposure. Exploitation is strictly local - no network vector exists - and a public proof-of-concept is confirmed by the CVSS 4.0 E:P supplemental modifier. This vulnerability is not listed in the CISA KEV catalog and carries a CVSS 4.0 base score of 1.9, reflecting its constrained real-world impact on what is a niche, telecom-research-oriented software stack.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Python Cisco Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Memory corruption in RT-Thread's Linux-compatible process (lwp) syscall layer allows a local low-privileged user to crash the RTOS kernel by supplying a crafted `ai_addr` argument to the `sys_getaddrinfo` handler in `components/lwp/lwp_syscall.c`. All RT-Thread versions through 5.0.2 are affected, with impact limited to availability (VA:H) - no confidentiality or integrity loss is indicated. A public proof-of-concept exists (GitHub issue #11428), though exploitation is not confirmed in CISA KEV; the upstream fix remains an unmerged pull request, leaving all deployed versions currently unpatched.

Buffer Overflow Rt Thread
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy