Skip to main content

CWE-787

Out-of-bounds Write

8541 CVEs Avg CVSS 8.0 MITRE
1678
CRITICAL
5222
HIGH
1586
MEDIUM
40
LOW
2673
POC
117
KEV

Monthly

CVE-2026-3842 HIGH PATCH This Week

Out-of-bounds heap write in QEMU lets a local attacker operating inside a guest virtual machine corrupt memory in the host emulator process, enabling information disclosure, data-integrity corruption, or denial of service. The flaw stems from cpu_physical_memory_map() returning a shorter buffer length than the caller assumes, so subsequent writes spill past the allocation. Rated CVSS 7.8 (CWE-787); no public exploit identified at time of analysis, but multiple distributions (Red Hat, Ubuntu, SUSE, Debian) have shipped fixes.

Denial Of Service Information Disclosure Buffer Overflow Authentication Bypass Memory Corruption +10
NVD VulDB
CVSS 3.1
7.8
CVE-2026-40953 MEDIUM PATCH This Month

Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions prior to 14.55 are affected. An attacker who already holds local administrator privileges on a managed endpoint can trigger the overflow to crash the Secure Access client, effectively disabling it on that machine. No public exploit code has been identified, and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Secure Access Buffer Overflow Memory Corruption
NVD VulDB
CVSS 4.0
6.7
CVE-2026-10673 HIGH PATCH This Week

Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.

Denial Of Service Buffer Overflow Memory Corruption RCE Zephyr
NVD GitHub
CVSS 3.1
8.3
CVE-2026-48337 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48336 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48335 HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48343 HIGH This Week

Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted file, running attacker code in the context of the current user. All versions covered by Adobe advisory APSB26-81 are affected, and while there is no public exploit identified at time of analysis, the local user-interaction attack pattern is consistent with weaponized document/asset lures. The CVSS 7.8 (High) rating reflects full confidentiality, integrity, and availability impact once a victim is socially engineered into opening the file.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48311 HIGH This Week

Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening a malicious file, running attacker-supplied code with the privileges of the current user. The flaw is local (AV:L) and requires user interaction, so it is a client-side, file-borne bug rather than a remotely reachable service vulnerability. No public exploit identified at time of analysis and it is not listed in CISA KEV; Adobe patched it in advisory APSB26-81.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48341 HIGH This Week

Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) that executes attacker-controlled code in the context of the current user. The flaw affects Adobe Bridge as reported by Adobe (advisory APSB26-81) and is rated CVSS 7.8; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is local and hinges entirely on user interaction - the victim must open the malicious file.

Buffer Overflow Memory Corruption RCE Adobe Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48367 HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) that runs in the context of the current user when a victim opens a maliciously crafted project or media file. Adobe (via advisory APSB26-78) confirms the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The 7.8 CVSS reflects high impact tempered by the local vector and required user interaction.

Buffer Overflow Memory Corruption RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVSS 7.8
HIGH PATCH This Week

Out-of-bounds heap write in QEMU lets a local attacker operating inside a guest virtual machine corrupt memory in the host emulator process, enabling information disclosure, data-integrity corruption, or denial of service. The flaw stems from cpu_physical_memory_map() returning a shorter buffer length than the caller assumes, so subsequent writes spill past the allocation. Rated CVSS 7.8 (CWE-787); no public exploit identified at time of analysis, but multiple distributions (Red Hat, Ubuntu, SUSE, Debian) have shipped fixes.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD VulDB
CVSS 6.7
MEDIUM PATCH This Month

Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions prior to 14.55 are affected. An attacker who already holds local administrator privileges on a managed endpoint can trigger the overflow to crash the Secure Access client, effectively disabling it on that machine. No public exploit code has been identified, and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Secure Access Buffer Overflow +1
NVD VulDB
CVSS 8.3
HIGH PATCH This Week

Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.

Denial Of Service Buffer Overflow Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Memory Corruption RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim opens a maliciously crafted file, running attacker code in the context of the current user. All versions covered by Adobe advisory APSB26-81 are affected, and while there is no public exploit identified at time of analysis, the local user-interaction attack pattern is consistent with weaponized document/asset lures. The CVSS 7.8 (High) rating reflects full confidentiality, integrity, and availability impact once a victim is socially engineered into opening the file.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening a malicious file, running attacker-supplied code with the privileges of the current user. The flaw is local (AV:L) and requires user interaction, so it is a client-side, file-borne bug rather than a remotely reachable service vulnerability. No public exploit identified at time of analysis and it is not listed in CISA KEV; Adobe patched it in advisory APSB26-81.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) that executes attacker-controlled code in the context of the current user. The flaw affects Adobe Bridge as reported by Adobe (advisory APSB26-81) and is rated CVSS 7.8; no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is local and hinges entirely on user interaction - the victim must open the malicious file.

Buffer Overflow Memory Corruption RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) that runs in the context of the current user when a victim opens a maliciously crafted project or media file. Adobe (via advisory APSB26-78) confirms the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The 7.8 CVSS reflects high impact tempered by the local vector and required user interaction.

Buffer Overflow Memory Corruption RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy