Skip to main content

CWE-120

Classic Buffer Overflow

2749 CVEs Avg CVSS 7.8 MITRE
675
CRITICAL
1433
HIGH
604
MEDIUM
28
LOW
1059
POC
17
KEV

Monthly

CVE-2026-44436 HIGH This Week

Denial of service in Quicly, the QUIC protocol library embedded in the H2O HTTP server, allows remote attackers to corrupt connection state and crash the process prior to commit 8b178e6. Quicly's packet decoder accepts Connection IDs up to 255 bytes (permitted for unknown QUIC versions) but its version-1 CID buffers are only 20 bytes, and the library - unlike its bundled CLI - never rejected over-length CIDs, letting an oversized CID overrun the buffer within its allocated chunk and trigger assertion failures. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Quicly
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58553 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.

Buffer Overflow Harmonyos
NVD VulDB
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-58552 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-58551 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-58550 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-58549 MEDIUM This Month

Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2026-51380 CRITICAL Act Now

Remote code execution or permanent denial of service in the Tenda AC10 v3 SOHO router (firmware V03.03.16.09) stems from a classic buffer overflow reachable through the /cgi-bin/UploadCfg web endpoint. Attackers who can reach the router's management interface can send oversized crafted input to crash the device permanently or potentially run arbitrary code on it. Proof-of-concept material appears to be published on GitHub, though this is not listed in CISA KEV and carries a low EPSS score of 0.17% (7th percentile), indicating no confirmed widespread exploitation yet.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-51808 CRITICAL Act Now

Heap out-of-bounds read/write in OpenHTJ2K (High-Throughput JPEG 2000 reference codec) v0.18.4 and earlier lets an attacker corrupt heap memory by supplying a crafted J2K/JP2 codestream, with a confirmed heap information-leak primitive and vendor-claimed arbitrary code execution. The flaw is reached through every decoder entry point (invoke, invoke_line_based, invoke_line_based_stream, invoke_line_based_predecoded) and, notably, through a JPIP server's startup codestream load, making it network-reachable without user interaction. There is no public exploit identified at time of analysis, though the vendor changelog references non-public PoC files, and the issue is not listed in CISA KEV.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-11698 CRITICAL CISA Act Now

Denial-of-service in Rockwell Automation CompactLogix/GuardLogix 5380, CompactLogix 5480, and ControlLogix/GuardLogix 5580 controllers running boot firmware below version 1.072 lets a remote unauthenticated attacker write malformed file data that forces the device into a major non-recoverable fault (MNRF), halting the controlled process until manual recovery. The flaw carries a CVSS 4.0 base of 9.2 driven purely by availability impact (no data confidentiality or integrity loss) and requires no authentication or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Compactlogix 5380 Recovery Image Compact Guardlogix 5380 Recovery Image Compactlogix 5480 Recovery Image Controllogix 5580 Recovery Image Guardlogix 5580 Recovery Image
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2025-12012 CRITICAL CISA Act Now

Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Quicly, the QUIC protocol library embedded in the H2O HTTP server, allows remote attackers to corrupt connection state and crash the process prior to commit 8b178e6. Quicly's packet decoder accepts Connection IDs up to 255 bytes (permitted for unknown QUIC versions) but its version-1 CID buffers are only 20 bytes, and the library - unlike its bundled CLI - never rejected over-length CIDs, letting an oversized CID overrun the buffer within its allocated chunk and trigger assertion failures. No public exploit is identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Quicly
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.

Buffer Overflow Harmonyos
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution or permanent denial of service in the Tenda AC10 v3 SOHO router (firmware V03.03.16.09) stems from a classic buffer overflow reachable through the /cgi-bin/UploadCfg web endpoint. Attackers who can reach the router's management interface can send oversized crafted input to crash the device permanently or potentially run arbitrary code on it. Proof-of-concept material appears to be published on GitHub, though this is not listed in CISA KEV and carries a low EPSS score of 0.17% (7th percentile), indicating no confirmed widespread exploitation yet.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap out-of-bounds read/write in OpenHTJ2K (High-Throughput JPEG 2000 reference codec) v0.18.4 and earlier lets an attacker corrupt heap memory by supplying a crafted J2K/JP2 codestream, with a confirmed heap information-leak primitive and vendor-claimed arbitrary code execution. The flaw is reached through every decoder entry point (invoke, invoke_line_based, invoke_line_based_stream, invoke_line_based_predecoded) and, notably, through a JPIP server's startup codestream load, making it network-reachable without user interaction. There is no public exploit identified at time of analysis, though the vendor changelog references non-public PoC files, and the issue is not listed in CISA KEV.

Buffer Overflow RCE
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

Denial-of-service in Rockwell Automation CompactLogix/GuardLogix 5380, CompactLogix 5480, and ControlLogix/GuardLogix 5580 controllers running boot firmware below version 1.072 lets a remote unauthenticated attacker write malformed file data that forces the device into a major non-recoverable fault (MNRF), halting the controlled process until manual recovery. The flaw carries a CVSS 4.0 base of 9.2 driven purely by availability impact (no data confidentiality or integrity loss) and requires no authentication or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Compactlogix 5380 Recovery Image Compact Guardlogix 5380 Recovery Image Compactlogix 5480 Recovery Image Controllogix 5580 Recovery Image Guardlogix 5580 Recovery Image
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy