Skip to main content

Buffer Overflow

36132 CVEs technique

Monthly

CVE-2026-12328 HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 151, Firefox ESR 115.36/140.11, and Thunderbird 151/ESR 140.11 allow remote attackers to potentially execute arbitrary code by serving crafted web content that triggers internal memory safety bugs. Mozilla developers observed evidence of memory corruption in several of these bugs and assess that sufficient effort could yield arbitrary code execution in the browser process. No public exploit identified at time of analysis, and SSVC reports no observed exploitation, but the high CVSS (8.1) and total technical impact warrant prompt patching.

RCE Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-12327 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12326 HIGH PATCH This Week

Memory corruption in Mozilla Firefox 151 and Thunderbird 151 may allow remote attackers to achieve arbitrary code execution when a victim renders malicious web content, per Mozilla advisory MFSA2026-60. The flaw stems from multiple memory safety bugs that Mozilla assessed as potentially exploitable, though no public exploit identified at time of analysis and EPSS exploitation probability is low (0.22%, 13th percentile). It is fixed in Firefox 152, with no special privileges required but high attack complexity per the CVSS vector.

Mozilla Buffer Overflow RCE
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-12318 HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12317 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12314 HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12312 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12310 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12309 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12308 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12307 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12306 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12305 HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12303 MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12301 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12300 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12298 MEDIUM PATCH This Month

Out-of-bounds read memory safety bug in Mozilla Firefox allows network-based attackers to cause limited confidentiality and integrity impact by luring users to visit crafted web content. All Firefox versions prior to 152 and Firefox ESR versions prior to 140.12 are affected, per Mozilla security advisories mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis, and CISA SSVC assessment confirms no known active exploitation with only partial technical impact.

Mozilla Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12297 CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox and Firefox ESR allows a remote attacker to break out of the browser's content sandbox by exploiting incorrect boundary conditions in the Networking component, leading to full compromise of confidentiality, integrity, and availability on the host. Exploitation requires user interaction (e.g., visiting a malicious page), but with CVSS 9.6 and a scope change, successful exploitation crosses the renderer/host trust boundary. No public exploit identified at time of analysis, and EPSS is low (0.16%), consistent with the SSVC 'Exploitation: none' signal.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-12292 HIGH PATCH This Week

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-12290 HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity via a crafted web page that triggers a buffer-related memory safety flaw. The issue also affects Firefox ESR before 140.12 and 115.37 and requires user interaction (e.g., visiting a malicious site). No public exploit identified at time of analysis and EPSS is low (0.16%), but SSVC rates technical impact as total.

Mozilla Buffer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-8484 MEDIUM Monitor

Heap corruption in fusesource Jansi's JNI native layer exposes Java applications to denial-of-service through application crashes. The JNI wrapper around the ioctl() system call omits array-size bounds checking before passing the argument array into native heap memory, enabling a heap buffer overflow condition reachable by any local actor who can influence that code path. No fix will be released - the project is confirmed unmaintained at the time CVE-2026-8484 was assigned, and all known versions carry this defect. No public exploit code or active KEV-confirmed exploitation has been identified at time of analysis.

Heap Overflow Buffer Overflow Jansi
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-10829 HIGH This Week

Remote code execution in Moxa NPort W2150A-W4/W2250A-W4 Series firmware version 1.5 and earlier allows authenticated administrators to corrupt memory by submitting an overlong 'Server location' value on the Basic settings page of the web management interface, yielding root-level command execution on the embedded serial device server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Moxa has issued advisory MPSA-261910 confirming the flaw. The companion CVE-2026-10828 (format string) was disclosed in the same advisory, suggesting the web management stack received broader scrutiny.

RCE Stack Overflow Buffer Overflow Nport W2150A W4 W2250A W4 Series Nport W2150A W2250A Series
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-46331 HIGH POC PATCH This Week

Local privilege escalation potential in the Linux kernel's net/sched traffic-control subsystem arises from a partial copy-on-write (COW) miss in the pedit action (tcf_pedit_act), where skb_ensure_writable() is sized using tcfp_off_max_hint before the per-key loop and fails to account for the runtime header offset added by typed keys, leaving part of the write region un-COW'd and causing page cache corruption. A local low-privileged attacker able to install tc pedit rules (CAP_NET_ADMIN, obtainable in user namespaces on many distros) can corrupt shared page-cache memory, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS is low at 0.14% (4th percentile) and the issue is not on CISA KEV.

Linux Buffer Overflow Integer Overflow
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10635 MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS v4.4.0 on Xtensa/MMU targets allows privileged kernel code to corrupt page tables or trigger a fatal MMU exception by destroying a memory domain without unlinking it from the global xtensa_domain_list. The dangling list node persists after arch_mem_domain_deinit() sets domain->arch.ptables to NULL, so any subsequent arch_mem_map() or arch_mem_unmap() call traverses the stale entry and dereferences the freed pointer - producing at minimum a denial-of-service kernel crash (NULL pointer deref) and at worst page-table memory corruption that undermines userspace process isolation. No public exploit code exists and no CISA KEV listing is present; however the integrity and availability impact (I:H, A:H) in a real-time OS kernel elevates practical severity beyond the 6.3 base score for affected embedded deployments.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-7273 HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow Gs1900 48Hpv2 Firmware Gs1900 8 Firmware +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-1767 HIGH PATCH This Week

Heap buffer overflow in GNOME localsearch (formerly tracker-miners) tracker-extract-mp3 component on Red Hat Enterprise Linux 8/9/10, Ubuntu, Debian, and SUSE allows remote attackers to trigger an out-of-bounds heap read by delivering a malformed MP3 file with crafted ID3 performer tags, leading to crashes (DoS) or disclosure of process memory contents. No public exploit identified at time of analysis, and the EPSS score of 0.19% (9th percentile) plus CISA SSVC 'Exploitation: none' indicate low real-world exploitation activity despite the 8.1 CVSS rating. Vendor patches are available across Red Hat (RHSA), Ubuntu USN-8019-1, Debian, and SUSE-SU-2026:0780/21854.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-1766 MEDIUM PATCH This Month

Heap buffer overflow in GNOME localsearch's tracker-extract-mp3 component enables a local attacker to crash the metadata extraction daemon and potentially disclose heap memory contents by supplying a specially crafted MP3 file with malformed ID3v2.3 COMM tags. Affected platforms confirmed by Red Hat include RHEL 8, 9, and 10, where GNOME localsearch (formerly tracker-miners) runs as a background desktop search indexing service. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; exploitation is further constrained by the requirement for local access, low privileges, and user interaction.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-1765 MEDIUM PATCH This Month

Out-of-bounds read in the tracker-extract-mp3 component of GNOME localsearch (formerly tracker-miners) allows a low-privileged local user to trigger an application crash or leak sensitive process memory when the indexer parses a specially crafted MP3 file. Affected deployments include Red Hat Enterprise Linux 8, 9, and 10 running the GNOME desktop stack. No public exploit or active exploitation has been identified at time of analysis, though the file-based delivery mechanism - providing a malicious MP3 to a system where localsearch auto-indexes media - keeps realistic attacker reach higher than the AV:L vector alone implies.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-1764 MEDIUM PATCH This Month

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the `extract_performers_tags` function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-12087 CRITICAL PATCH Act Now

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Information Disclosure Buffer Overflow Socket Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-54257 npm CRITICAL PATCH GHSA Act Now

Heap buffer under/overflow in Electron's Node.js Buffer API (versions 42.3.1 through 42.3.2) causes most apps to crash and may lead to incorrect buffer allocations resulting in unexpected truncation or memory corruption. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects network-reachable, unauthenticated memory corruption with high impact to confidentiality, integrity, and availability. Affects any Electron-based desktop application shipping the vulnerable runtime.

Node.js Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-52720 HIGH PATCH This Week

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a connecting client, potentially leading to remote code execution or denial of service. The flaw stems from validating rectangle area instead of individual dimensions, letting attacker-controlled rectangles extend beyond the framebuffer. No public exploit identified at time of analysis, though the issue affects GStreamer as shipped across Red Hat Enterprise Linux 6 through 10.

RCE Heap Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-53704 HIGH This Week

Out-of-bounds read and denial-of-service in GStreamer's RealMedia demuxer (gst-plugins-ugly) allows remote attackers to crash, hang, or potentially leak limited adjacent memory when a victim opens a maliciously crafted RealMedia (.rm) file. The flaw stems from unvalidated offsets in re_skip_pascal_string() and an attacker-controlled loop counter in the FILEINFO metadata parser. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-53703 HIGH This Week

Out-of-bounds read in the GStreamer RealMedia demuxer (gst-plugins-ugly) allows a maliciously crafted .rm file to crash the consuming application and potentially leak small amounts of adjacent heap memory through stream metadata. The flaw affects Red Hat Enterprise Linux 7, 8, 9, and 10 systems shipping the vulnerable demuxer, and exploitation requires a user to open or otherwise process the file (UI:R). There is no public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-52721 MEDIUM This Month

Out-of-bounds read vulnerabilities in GStreamer's pcapparse element expose Red Hat Enterprise Linux 6 through 10 users to potential application crashes or limited memory disclosure when processing malformed PCAP files. The flaws reside in IPv4/TCP header parsing logic, where specially crafted PCAP records trigger reads beyond buffer boundaries across multiple code paths. Real-world exposure is materially constrained by pcapparse's restriction to debugging pipelines, the requirement for local user interaction, and high attack complexity; no public exploit or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-53705 HIGH This Week

Heap memory corruption in the WavPack audio decoder of GStreamer's gst-plugins-good package allows remote attackers to crash applications or potentially achieve arbitrary code execution when a victim opens a malicious WavPack (.wv) audio file. The flaw, tracked as CVE-2026-53705 and reported by Red Hat, affects Red Hat Enterprise Linux versions 7, 8, 9, and 10, and stems from an integer overflow during buffer size calculation that produces an undersized heap allocation later overrun by decoded samples. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the multimedia decoder attack surface combined with RCE potential makes it a meaningful patching priority.

Buffer Overflow Integer Overflow RCE Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2026-52719 HIGH This Week

Out-of-bounds read in the VA JPEG decoder shipped in GStreamer's gst-plugins-bad allows a remote attacker to crash the decoder or potentially leak adjacent memory contents when a victim opens a maliciously crafted JPEG file. The flaw stems from the JPEG parser trusting a segment-length value from the bitstream without verifying it fits within the buffer, and affects Red Hat Enterprise Linux 6 through 10 where the plugin is consumed. There is no public exploit identified at time of analysis and the issue is not in CISA KEV.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-8358 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8357 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8356 MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6047 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6045 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6039 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-12222 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows authenticated adjacent-network attackers to corrupt memory via the BlueToothTest handler exposed by the Web FastCGI service. Supplying crafted btMac, pin, or reserved parameters to /api/inner/bttest triggers the overflow inside mod_webd.BlueToothTest, with publicly available exploit code exists demonstrating an off-by-one write. The flaw is reachable from the LAN rather than the public internet, but the vendor has not responded to disclosure and no patched firmware has been published.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12221 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low privileges to corrupt memory via crafted uid or start_offset parameters sent to the /api/upgrade/upgrade firmware chunk upload endpoint. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices without an official patch. CVSS 4.0 rates this 8.6 (High) with proof-of-concept maturity (E:P).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12220 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low-privilege credentials to corrupt memory via the uid parameter of the /api/upgrade/accupgradebychunk firmware chunk upload endpoint. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, raising the practical risk despite the adjacent-only attack vector. No public exploit identified as actively exploited in the wild (not on CISA KEV).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12216 LOW Monitor

Memory corruption in Duktape's bytecode API (duk_api_bytecode.c) allows local low-privilege attackers to corrupt process memory by supplying a crafted count_instr argument during bytecode processing. All Duktape versions up to 2.99.99 are affected. A public proof-of-concept exploit exists, though the CVSS 4.0 score of 1.9 reflects constrained real-world impact - local access and low privileges are required, and confidentiality, integrity, and availability impact is rated low. No patch is available; the vendor did not respond to coordinated disclosure.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-12218 HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.87.50.1) allows adjacent-network attackers with low-privileged access to corrupt memory via the port argument processed by the StartReportInformation function in the /api/inner/beforewifitest endpoint of the Web FastCGI Service. Publicly available exploit code exists, and the vendor was notified without response, leaving deployed devices unmitigated. No public exploit identified as active in-the-wild campaigns, but exploitation is feasible given the released PoC.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
CVSS 4.0
7.3
EPSS
0.4%
CVE-2026-12200 MEDIUM POC This Month

Stack-based buffer overflow in Ritlabs TinyWeb Server 1.94 and earlier on Win32 allows remote unauthenticated attackers to crash the server or potentially execute arbitrary code by sending a specially crafted HTTP Authorization header, triggering a memory corruption condition in the libeay32.dll component's Header Handler. A public proof-of-concept exploit has been disclosed at nathan2.com/posts/tinyweb/, and the vendor has not responded to responsible disclosure notifications, leaving all known versions unpatched. No active exploitation has been confirmed in CISA KEV, though the combination of a public POC, network-reachable attack surface, and no patch represents a meaningful risk for any deployment of this software.

Stack Overflow Buffer Overflow Tinyweb Server
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-55652 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55645 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-12193 HIGH POC PATCH This Week

Local privilege escalation in VS Revo RevoUninstaller versions 2.5.x and 2.6.x is possible through a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys kernel driver. Authenticated local users sending crafted IOCTL requests can corrupt kernel pool memory, potentially achieving SYSTEM-level code execution. Publicly available exploit code exists, and a detailed write-up plus PoC repository have been published, raising the practical risk despite no active exploitation listing.

Heap Overflow Buffer Overflow Revouninstaller
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-12192 HIGH This Week

Buffer overflow in the web server component of GALAYOU Y4 version 1.0.0 allows adjacent-network attackers to compromise the device's confidentiality, integrity, and availability without authentication. Publicly available exploit code exists per VulDB disclosure, though the vendor was contacted and did not respond, leaving the issue unpatched. EPSS data was not provided and the flaw is not listed in CISA KEV, but the public PoC combined with vendor silence elevates practical risk for any deployment exposed on shared LAN/Wi-Fi segments.

Buffer Overflow Y4
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-54413 HIGH This Week

Integer underflow and out-of-bounds read in driftregion iso14229 through version 0.9.0 allows remote unauthenticated attackers to crash a UDS server or read up to 65535 bytes of memory past the 4KB receive buffer by sending a single-byte 0x27 SecurityAccess diagnostic request. The Handle_0x27_SecurityAccess() function in iso14229.c at line 1447 fails to validate that recv_len is at least 2 before computing key-data length via unsigned subtraction, uniquely among all other sub-function handlers in the library. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates publicly available exploit code exists, and the vulnerability is exposed across CAN bus, OBD-II, ISO-TP, and DoIP transports in the default diagnostic session on automotive ECUs, industrial controllers, and IoT devices.

Integer Overflow Buffer Overflow Iso14229
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.5%
CVE-2026-54412 HIGH This Week

Heap-based out-of-bounds read and integer underflow in LiamBindle MQTT-C (all versions through 1.1.6) allows a remote attacker who controls an MQTT broker - or who can inject packets into an unencrypted MQTT session - to crash any subscribed MQTT-C client and potentially disclose adjacent heap memory by sending a single specially crafted PUBLISH packet. The flaw resides in mqtt_unpack_publish_response() in src/mqtt.c, where the broker-supplied 16-bit topic_name_size field is used to advance a parse pointer without validating it fits within the packet's remaining_length, and the subsequent unsigned subtraction to derive application_message_size wraps to near 2^32 and is passed directly to memmove(). No patched release has been identified at time of analysis; a proof-of-concept is indicated by the CVSS 4.0 E:P supplemental metric, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Mqtt C
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.4%
CVE-2026-54410 HIGH This Week

Off-by-one buffer overflow in nanoMODBUS through v1.23.0 lets remote unauthenticated attackers write one attacker-controlled byte past a 260-byte receive buffer in the Modbus/TCP server's recv_msg_header() function. The corruption of the adjacent buffer-index field can cause denial of service on all targets and, on bare-metal/RTOS deployments without memory protection, leak one byte of memory and trigger unintended writes through the Write Multiple Registers (FC16) handler. No public exploit identified at time of analysis, but the bug is trivially reachable by sending a crafted MBAP frame with Length=255.

Denial Of Service Information Disclosure Buffer Overflow Nanomodbus
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.5%
CVE-2025-55660 MEDIUM This Month

Stack-based buffer overflow in GPAC's MP4Box tool crashes the process when parsing a crafted MP4 file containing a malformed non-self-delimited Opus packet. The function gf_opus_read_length() in media_tools/av_parsers.c performs a 2-byte out-of-bounds write into a stack-allocated pckh structure at offset 568, confirmed by AddressSanitizer at line 11140. No active exploitation is confirmed in CISA KEV, but a public proof-of-concept MP4 file is available from the reporter, and the CVSS vector (PR:N, UI:R) indicates any user or automated pipeline invoking MP4Box on untrusted Opus-bearing MP4 files is at risk of a process crash.

Denial Of Service Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55661 MEDIUM This Month

Heap-based buffer overflow in GPAC's MP4Box Opus packet parser exposes file-processing pipelines to heap memory disclosure and application crash when handling a crafted MP4 containing a malformed Opus audio track. Processing a specially constructed file via MP4Box's XML dump mode (-dxml) triggers an out-of-bounds READ of 1 byte beyond a 3-byte heap allocation inside gf_opus_parse_packet_header() at av_parsers.c:11326, with adjacent heap memory potentially leaked as a secondary consequence. No public exploitation has been confirmed (not in CISA KEV), but a functional PoC MP4 file is publicly available on GitHub, lowering the barrier for targeted abuse in automated media-ingestion workflows.

Buffer Overflow Denial Of Service Heap Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55648 MEDIUM This Month

Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) allows out-of-bounds heap READ when processing a crafted MP4 file containing corrupted stsz (sample-size box) data for an Opus audio track. When a user runs MP4Box with the -dxml flag against a malicious file, gf_opus_parse_packet_header() in av_parsers.c:11297 reads 1 byte beyond a 32-byte heap allocation, 1242 bytes past the base region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation has been recorded in CISA KEV at time of analysis.

Buffer Overflow Denial Of Service Heap Overflow Gpac
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-6676 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-14098 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.

Microsoft Memory Corruption Buffer Overflow Apple Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9033 HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9032 HIGH PATCH This Week

Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7019 MEDIUM PATCH This Month

Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Office Open XML (OOXML) file, causing a Denial-of-Service condition. The flaw affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - all products that consume the same Gen Digital VPS (virus definition) update stream. No active exploitation or public exploit code has been identified at time of analysis; the impact is limited to availability (AV process crash) with no confidentiality or integrity consequences.

Microsoft Stack Overflow Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-7017 HIGH PATCH This Week

Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7011 HIGH PATCH This Week

Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7010 MEDIUM PATCH This Month

Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and business products when a crafted malformed PDF is scanned. Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux are all affected through a shared Gen Digital virus definition engine (VPS builds before 25021208). An attacker who can place a specially crafted PDF on a target system - or deliver it via email or download - can force a denial-of-service of the antivirus process; no public exploit has been identified at time of analysis.

Microsoft Apple Buffer Overflow Avast Antivirus Avg Antivirus +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-7009 HIGH PATCH This Week

Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7008 HIGH PATCH This Week

Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.

Microsoft Apple Information Disclosure Buffer Overflow Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7004 HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow Apple Avast Antivirus +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7003 HIGH PATCH This Week

Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7002 HIGH PATCH This Week

Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.

Microsoft Apple Information Disclosure Buffer Overflow Avira Antivirus
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41157 CRITICAL PATCH Act Now

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim loads a web page containing crafted WebGPU content into the GLES GPU render process, corrupting memory and crashing the browser or GPU process. The flaw stems from an integer overflow in size calculation driven by untrusted input, which produces an undersized allocation that subsequent writes exceed. EPSS exploitation probability is very low at 0.02% (5th percentile) and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34195 HIGH This Week

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-12043 HIGH PATCH This Week

Client-side memory corruption in the AWS Common Runtime aws-c-http library can be triggered by a malicious HTTP/2 server that sends a crafted sequence of HEADERS frames manipulating the HPACK dynamic table size, potentially leading to arbitrary code execution in applications that use the library as an HTTP/2 client. The CVSS 4.0 score of 8.7 (High) reflects network reachability with low complexity but requires user/client interaction (initiating a connection to the attacker server). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow RCE Aws C Http
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49854 PyPI MEDIUM PATCH GHSA This Month

Out-of-bounds memory read in Tornado's optional C extension `tornado.speedups` exposes up to 3 bytes of uninitialized memory via a missing length validation in the `websocket_mask` function. Applications running Tornado versions prior to 6.5.6 with the native extension active and `xsrf_cookies=True` are reachable from the network without authentication (CVSS AV:N/PR:N), though high attack complexity (AC:H) is indicated by the dual configuration prerequisite. No public exploit code or CISA KEV listing exists at time of analysis, and EPSS stands at 0.04% (11th percentile), consistent with the low exploitation probability for a constrained information-disclosure primitive. Vendor-released patch is Tornado 6.5.6.

Python Buffer Overflow
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-47965 HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.

RCE Memory Corruption Adobe Buffer Overflow Acrobat Reader
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47223 MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attackers to read up to approximately 4 GiB of heap memory or crash the application by delivering a crafted archive to a Windows user who opens it. Affected versions span 3.0.1000.0 through all releases before 6.0.1698.0, with the vulnerability rooted in an inherited integer overflow flaw in 7-Zip's upstream AvbHandler. No public exploit code or active exploitation has been identified; an EPSS score of 0.05% (15th percentile) confirms negligible current threat activity, and this CVE does not appear in the CISA KEV catalog.

Microsoft Google Information Disclosure Buffer Overflow Nanazip
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-47224 MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to crash the application or potentially expose heap memory by tricking a user into opening a maliciously crafted LVM2 disk image. All NanaZip installations from version 3.0.1000.0 up to (but not including) 6.0.1698.0 on Windows are vulnerable. No public exploit code or active exploitation has been identified; an EPSS score of 0.04% at the 11th percentile reflects very low real-world exploitation probability.

Microsoft Information Disclosure Buffer Overflow Nanazip
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-47222 MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. No public exploit code exists and EPSS sits at 0.05% (15th percentile), indicating low current exploitation interest, though the deterministic crash behavior lowers the bar for denial-of-service abuse.

Microsoft Information Disclosure Denial Of Service Google Buffer Overflow +1
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-43671 HIGH GHSA This Week

Out-of-bounds write in Apple's SwiftNIO ByteBuffer affects all releases from 1.0.0 through 2.99.0 and is fixed in 2.100.0. The flaw stems from UInt32 truncation in internal index/capacity converters, so when an attacker can influence an index, offset, or length passed to specific ByteBuffer write methods with a value above UInt32.max (~4 GiB), safety preconditions silently pass and subsequent writes can corrupt heap memory outside the buffer. No public exploit identified at time of analysis, and the high data-size threshold makes practical exploitation narrow but severe where applicable.

Memory Corruption Buffer Overflow
NVD GitHub
EPSS
0.0%
CVE-2026-47729 MEDIUM POC PATCH This Month

Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.

Information Disclosure Buffer Overflow
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2026-48914 MEDIUM This Month

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The flaw exists because the virtio-blk device omits validation of input descriptor sizes prior to writing data, enabling a malicious guest operator to submit a crafted virtio-blk SCSI request that writes beyond the allocated host heap buffer. The primary confirmed impact is a denial of service (DoS) of the QEMU process on the host; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.

Denial Of Service Heap Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-11933 HIGH PATCH This Week

Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.

Denial Of Service Memory Corruption Buffer Overflow MongoDB
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-12033 MEDIUM PATCH This Month

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12030 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12026 MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.

Google Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-12019 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12010 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. Patch is available from vendor in Chrome 149.0.7827.115 and later.

Heap Overflow Google Buffer Overflow Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-52859 MEDIUM PATCH This Month

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.

Information Disclosure Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 151, Firefox ESR 115.36/140.11, and Thunderbird 151/ESR 140.11 allow remote attackers to potentially execute arbitrary code by serving crafted web content that triggers internal memory safety bugs. Mozilla developers observed evidence of memory corruption in several of these bugs and assess that sufficient effort could yield arbitrary code execution in the browser process. No public exploit identified at time of analysis, and SSVC reports no observed exploitation, but the high CVSS (8.1) and total technical impact warrant prompt patching.

RCE Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Memory corruption in Mozilla Firefox 151 and Thunderbird 151 may allow remote attackers to achieve arbitrary code execution when a victim renders malicious web content, per Mozilla advisory MFSA2026-60. The flaw stems from multiple memory safety bugs that Mozilla assessed as potentially exploitable, though no public exploit identified at time of analysis and EPSS exploitation probability is low (0.22%, 13th percentile). It is fixed in Firefox 152, with no special privileges required but high attack complexity per the CVSS vector.

Mozilla Buffer Overflow RCE
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read memory safety bug in Mozilla Firefox allows network-based attackers to cause limited confidentiality and integrity impact by luring users to visit crafted web content. All Firefox versions prior to 152 and Firefox ESR versions prior to 140.12 are affected, per Mozilla security advisories mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis, and CISA SSVC assessment confirms no known active exploitation with only partial technical impact.

Mozilla Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox and Firefox ESR allows a remote attacker to break out of the browser's content sandbox by exploiting incorrect boundary conditions in the Networking component, leading to full compromise of confidentiality, integrity, and availability on the host. Exploitation requires user interaction (e.g., visiting a malicious page), but with CVSS 9.6 and a scope change, successful exploitation crosses the renderer/host trust boundary. No public exploit identified at time of analysis, and EPSS is low (0.16%), consistent with the SSVC 'Exploitation: none' signal.

Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity via a crafted web page that triggers a buffer-related memory safety flaw. The issue also affects Firefox ESR before 140.12 and 115.37 and requires user interaction (e.g., visiting a malicious site). No public exploit identified at time of analysis and EPSS is low (0.16%), but SSVC rates technical impact as total.

Mozilla Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM Monitor

Heap corruption in fusesource Jansi's JNI native layer exposes Java applications to denial-of-service through application crashes. The JNI wrapper around the ioctl() system call omits array-size bounds checking before passing the argument array into native heap memory, enabling a heap buffer overflow condition reachable by any local actor who can influence that code path. No fix will be released - the project is confirmed unmaintained at the time CVE-2026-8484 was assigned, and all known versions carry this defect. No public exploit code or active KEV-confirmed exploitation has been identified at time of analysis.

Heap Overflow Buffer Overflow Jansi
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in Moxa NPort W2150A-W4/W2250A-W4 Series firmware version 1.5 and earlier allows authenticated administrators to corrupt memory by submitting an overlong 'Server location' value on the Basic settings page of the web management interface, yielding root-level command execution on the embedded serial device server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Moxa has issued advisory MPSA-261910 confirming the flaw. The companion CVE-2026-10828 (format string) was disclosed in the same advisory, suggesting the web management stack received broader scrutiny.

RCE Stack Overflow Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Local privilege escalation potential in the Linux kernel's net/sched traffic-control subsystem arises from a partial copy-on-write (COW) miss in the pedit action (tcf_pedit_act), where skb_ensure_writable() is sized using tcfp_off_max_hint before the per-key loop and fails to account for the runtime header offset added by typed keys, leaving part of the write region un-COW'd and causing page cache corruption. A local low-privileged attacker able to install tc pedit rules (CAP_NET_ADMIN, obtainable in user namespaces on many distros) can corrupt shared page-cache memory, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS is low at 0.14% (4th percentile) and the issue is not on CISA KEV.

Linux Buffer Overflow Integer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS v4.4.0 on Xtensa/MMU targets allows privileged kernel code to corrupt page tables or trigger a fatal MMU exception by destroying a memory domain without unlinking it from the global xtensa_domain_list. The dangling list node persists after arch_mem_domain_deinit() sets domain->arch.ptables to NULL, so any subsequent arch_mem_map() or arch_mem_unmap() call traverses the stale entry and dereferences the freed pointer - producing at minimum a denial-of-service kernel crash (NULL pointer deref) and at worst page-table memory corruption that undermines userspace process isolation. No public exploit code exists and no CISA KEV listing is present; however the integrity and availability impact (I:H, A:H) in a real-time OS kernel elevates practical severity beyond the 6.3 base score for affected embedded deployments.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Heap buffer overflow in GNOME localsearch (formerly tracker-miners) tracker-extract-mp3 component on Red Hat Enterprise Linux 8/9/10, Ubuntu, Debian, and SUSE allows remote attackers to trigger an out-of-bounds heap read by delivering a malformed MP3 file with crafted ID3 performer tags, leading to crashes (DoS) or disclosure of process memory contents. No public exploit identified at time of analysis, and the EPSS score of 0.19% (9th percentile) plus CISA SSVC 'Exploitation: none' indicate low real-world exploitation activity despite the 8.1 CVSS rating. Vendor patches are available across Red Hat (RHSA), Ubuntu USN-8019-1, Debian, and SUSE-SU-2026:0780/21854.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Heap buffer overflow in GNOME localsearch's tracker-extract-mp3 component enables a local attacker to crash the metadata extraction daemon and potentially disclose heap memory contents by supplying a specially crafted MP3 file with malformed ID3v2.3 COMM tags. Affected platforms confirmed by Red Hat include RHEL 8, 9, and 10, where GNOME localsearch (formerly tracker-miners) runs as a background desktop search indexing service. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; exploitation is further constrained by the requirement for local access, low privileges, and user interaction.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 +2
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Out-of-bounds read in the tracker-extract-mp3 component of GNOME localsearch (formerly tracker-miners) allows a low-privileged local user to trigger an application crash or leak sensitive process memory when the indexer parses a specially crafted MP3 file. Affected deployments include Red Hat Enterprise Linux 8, 9, and 10 running the GNOME desktop stack. No public exploit or active exploitation has been identified at time of analysis, though the file-based delivery mechanism - providing a malicious MP3 to a system where localsearch auto-indexes media - keeps realistic attacker reach higher than the AV:L vector alone implies.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the `extract_performers_tags` function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Information Disclosure Buffer Overflow Socket +2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap buffer under/overflow in Electron's Node.js Buffer API (versions 42.3.1 through 42.3.2) causes most apps to crash and may lead to incorrect buffer allocations resulting in unexpected truncation or memory corruption. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 reflects network-reachable, unauthenticated memory corruption with high impact to confidentiality, integrity, and availability. Affects any Electron-based desktop application shipping the vulnerable runtime.

Node.js Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a connecting client, potentially leading to remote code execution or denial of service. The flaw stems from validating rectangle area instead of individual dimensions, letting attacker-controlled rectangles extend beyond the framebuffer. No public exploit identified at time of analysis, though the issue affects GStreamer as shipped across Red Hat Enterprise Linux 6 through 10.

RCE Heap Overflow Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read and denial-of-service in GStreamer's RealMedia demuxer (gst-plugins-ugly) allows remote attackers to crash, hang, or potentially leak limited adjacent memory when a victim opens a maliciously crafted RealMedia (.rm) file. The flaw stems from unvalidated offsets in re_skip_pascal_string() and an attacker-controlled loop counter in the FILEINFO metadata parser. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Denial Of Service Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read in the GStreamer RealMedia demuxer (gst-plugins-ugly) allows a maliciously crafted .rm file to crash the consuming application and potentially leak small amounts of adjacent heap memory through stream metadata. The flaw affects Red Hat Enterprise Linux 7, 8, 9, and 10 systems shipping the vulnerable demuxer, and exploitation requires a user to open or otherwise process the file (UI:R). There is no public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read vulnerabilities in GStreamer's pcapparse element expose Red Hat Enterprise Linux 6 through 10 users to potential application crashes or limited memory disclosure when processing malformed PCAP files. The flaws reside in IPv4/TCP header parsing logic, where specially crafted PCAP records trigger reads beyond buffer boundaries across multiple code paths. Real-world exposure is materially constrained by pcapparse's restriction to debugging pipelines, the requirement for local user interaction, and high attack complexity; no public exploit or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 +6
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap memory corruption in the WavPack audio decoder of GStreamer's gst-plugins-good package allows remote attackers to crash applications or potentially achieve arbitrary code execution when a victim opens a malicious WavPack (.wv) audio file. The flaw, tracked as CVE-2026-53705 and reported by Red Hat, affects Red Hat Enterprise Linux versions 7, 8, 9, and 10, and stems from an integer overflow during buffer size calculation that produces an undersized heap allocation later overrun by decoded samples. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the multimedia decoder attack surface combined with RCE potential makes it a meaningful patching priority.

Buffer Overflow Integer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read in the VA JPEG decoder shipped in GStreamer's gst-plugins-bad allows a remote attacker to crash the decoder or potentially leak adjacent memory contents when a victim opens a maliciously crafted JPEG file. The flaw stems from the JPEG parser trusting a segment-length value from the bitstream without verifying it fits within the buffer, and affects Red Hat Enterprise Linux 6 through 10 where the plugin is consumed. There is no public exploit identified at time of analysis and the issue is not in CISA KEV.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's formula compiler allows an attacker to trigger an out-of-bounds write by crafting a spreadsheet containing a formula with extreme nesting depth composed of many consecutive opening tokens. The vulnerability stems from an off-by-one allocation error in the nesting-depth tracking array, causing a single-element write past the buffer's end during file parsing. The CVSS 4.0 vector carries an E:P modifier indicating a proof-of-concept exists; no public exploit identified at time of analysis beyond the POC, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Libreoffice
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows authenticated adjacent-network attackers to corrupt memory via the BlueToothTest handler exposed by the Web FastCGI service. Supplying crafted btMac, pin, or reserved parameters to /api/inner/bttest triggers the overflow inside mod_webd.BlueToothTest, with publicly available exploit code exists demonstrating an off-by-one write. The flaw is reachable from the LAN rather than the public internet, but the vendor has not responded to disclosure and no patched firmware has been published.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low privileges to corrupt memory via crafted uid or start_offset parameters sent to the /api/upgrade/upgrade firmware chunk upload endpoint. Publicly available exploit code exists, and the vendor did not respond to coordinated disclosure, leaving deployed devices without an official patch. CVSS 4.0 rates this 8.6 (High) with proof-of-concept maturity (E:P).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.86.0.118) allows adjacent-network attackers with low-privilege credentials to corrupt memory via the uid parameter of the /api/upgrade/accupgradebychunk firmware chunk upload endpoint. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, raising the practical risk despite the adjacent-only attack vector. No public exploit identified as actively exploited in the wild (not on CISA KEV).

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Memory corruption in Duktape's bytecode API (duk_api_bytecode.c) allows local low-privilege attackers to corrupt process memory by supplying a crafted count_instr argument during bytecode processing. All Duktape versions up to 2.99.99 are affected. A public proof-of-concept exploit exists, though the CVSS 4.0 score of 1.9 reflects constrained real-world impact - local access and low privileges are required, and confidentiality, integrity, and availability impact is rated low. No patch is available; the vendor did not respond to coordinated disclosure.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in the Yealink SIP-T46U IP phone (firmware 108.87.50.1) allows adjacent-network attackers with low-privileged access to corrupt memory via the port argument processed by the StartReportInformation function in the /api/inner/beforewifitest endpoint of the Web FastCGI Service. Publicly available exploit code exists, and the vendor was notified without response, leaving deployed devices unmitigated. No public exploit identified as active in-the-wild campaigns, but exploitation is feasible given the released PoC.

Stack Overflow Buffer Overflow Sip T46U
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Stack-based buffer overflow in Ritlabs TinyWeb Server 1.94 and earlier on Win32 allows remote unauthenticated attackers to crash the server or potentially execute arbitrary code by sending a specially crafted HTTP Authorization header, triggering a memory corruption condition in the libeay32.dll component's Header Handler. A public proof-of-concept exploit has been disclosed at nathan2.com/posts/tinyweb/, and the vendor has not responded to responsible disclosure notifications, leaving all known versions unpatched. No active exploitation has been confirmed in CISA KEV, though the combination of a public POC, network-reachable attack surface, and no patch represents a meaningful risk for any deployment of this software.

Stack Overflow Buffer Overflow Tinyweb Server
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Local privilege escalation in VS Revo RevoUninstaller versions 2.5.x and 2.6.x is possible through a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys kernel driver. Authenticated local users sending crafted IOCTL requests can corrupt kernel pool memory, potentially achieving SYSTEM-level code execution. Publicly available exploit code exists, and a detailed write-up plus PoC repository have been published, raising the practical risk despite no active exploitation listing.

Heap Overflow Buffer Overflow Revouninstaller
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in the web server component of GALAYOU Y4 version 1.0.0 allows adjacent-network attackers to compromise the device's confidentiality, integrity, and availability without authentication. Publicly available exploit code exists per VulDB disclosure, though the vendor was contacted and did not respond, leaving the issue unpatched. EPSS data was not provided and the flaw is not listed in CISA KEV, but the public PoC combined with vendor silence elevates practical risk for any deployment exposed on shared LAN/Wi-Fi segments.

Buffer Overflow Y4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Integer underflow and out-of-bounds read in driftregion iso14229 through version 0.9.0 allows remote unauthenticated attackers to crash a UDS server or read up to 65535 bytes of memory past the 4KB receive buffer by sending a single-byte 0x27 SecurityAccess diagnostic request. The Handle_0x27_SecurityAccess() function in iso14229.c at line 1447 fails to validate that recv_len is at least 2 before computing key-data length via unsigned subtraction, uniquely among all other sub-function handlers in the library. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates publicly available exploit code exists, and the vulnerability is exposed across CAN bus, OBD-II, ISO-TP, and DoIP transports in the default diagnostic session on automotive ECUs, industrial controllers, and IoT devices.

Integer Overflow Buffer Overflow Iso14229
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based out-of-bounds read and integer underflow in LiamBindle MQTT-C (all versions through 1.1.6) allows a remote attacker who controls an MQTT broker - or who can inject packets into an unencrypted MQTT session - to crash any subscribed MQTT-C client and potentially disclose adjacent heap memory by sending a single specially crafted PUBLISH packet. The flaw resides in mqtt_unpack_publish_response() in src/mqtt.c, where the broker-supplied 16-bit topic_name_size field is used to advance a parse pointer without validating it fits within the packet's remaining_length, and the subsequent unsigned subtraction to derive application_message_size wraps to near 2^32 and is passed directly to memmove(). No patched release has been identified at time of analysis; a proof-of-concept is indicated by the CVSS 4.0 E:P supplemental metric, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Mqtt C
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Off-by-one buffer overflow in nanoMODBUS through v1.23.0 lets remote unauthenticated attackers write one attacker-controlled byte past a 260-byte receive buffer in the Modbus/TCP server's recv_msg_header() function. The corruption of the adjacent buffer-index field can cause denial of service on all targets and, on bare-metal/RTOS deployments without memory protection, leak one byte of memory and trigger unintended writes through the Write Multiple Registers (FC16) handler. No public exploit identified at time of analysis, but the bug is trivially reachable by sending a crafted MBAP frame with Length=255.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack-based buffer overflow in GPAC's MP4Box tool crashes the process when parsing a crafted MP4 file containing a malformed non-self-delimited Opus packet. The function gf_opus_read_length() in media_tools/av_parsers.c performs a 2-byte out-of-bounds write into a stack-allocated pckh structure at offset 568, confirmed by AddressSanitizer at line 11140. No active exploitation is confirmed in CISA KEV, but a public proof-of-concept MP4 file is available from the reporter, and the CVSS vector (PR:N, UI:R) indicates any user or automated pipeline invoking MP4Box on untrusted Opus-bearing MP4 files is at risk of a process crash.

Denial Of Service Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC's MP4Box Opus packet parser exposes file-processing pipelines to heap memory disclosure and application crash when handling a crafted MP4 containing a malformed Opus audio track. Processing a specially constructed file via MP4Box's XML dump mode (-dxml) triggers an out-of-bounds READ of 1 byte beyond a 3-byte heap allocation inside gf_opus_parse_packet_header() at av_parsers.c:11326, with adjacent heap memory potentially leaked as a secondary consequence. No public exploitation has been confirmed (not in CISA KEV), but a functional PoC MP4 file is publicly available on GitHub, lowering the barrier for targeted abuse in automated media-ingestion workflows.

Buffer Overflow Denial Of Service Heap Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) allows out-of-bounds heap READ when processing a crafted MP4 file containing corrupted stsz (sample-size box) data for an Opus audio track. When a user runs MP4Box with the -dxml flag against a malicious file, gf_opus_parse_packet_header() in av_parsers.c:11297 reads 1 byte beyond a 32-byte heap allocation, 1242 bytes past the base region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation has been recorded in CISA KEV at time of analysis.

Buffer Overflow Denial Of Service Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds prior to 8.3.27.12 on Windows, macOS, and Linux occurs when the scanner parses a malformed POSIX tar archive, triggering a heap out-of-bounds write that can either crash the AV process (DoS) or execute attacker code in the scanner's context. No public exploit identified at time of analysis, but the on-access scanning model means a victim only has to write the malicious tar to disk for the engine to touch it. Reported by GEN (Gen Digital, Avira's parent).

Microsoft Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux allows attackers to trigger a heap buffer out-of-bounds write by having the engine scan a malformed MS-DOS executable. The flaw stems from an integer overflow during parsing and can also crash the antivirus engine process, with no public exploit identified at time of analysis.

Microsoft Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux is triggered when the scanner processes a malformed PDF file, leading to a heap out-of-bounds read that can corrupt the antivirus engine process. CVSS 7.8 reflects the high impact on confidentiality, integrity, and availability, but exploitation requires the victim to expose the engine to the attacker's file. No public exploit identified at time of analysis.

Microsoft Apple Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser, and no public exploit identified at time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.

Microsoft Apple Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Office Open XML (OOXML) file, causing a Denial-of-Service condition. The flaw affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux - all products that consume the same Gen Digital VPS (virus definition) update stream. No active exploitation or public exploit code has been identified at time of analysis; the impact is limited to availability (AV process crash) with no confidentiality or integrity consequences.

Microsoft Stack Overflow Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit identified at time of analysis and CVSS scores it 7.8 High.

Microsoft Apple Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS, and Linux stems from a heap out-of-bounds read in the malformed-ZIP/XML scanner across virus definition builds 25020100 through 25021207. An attacker who lures a user into letting the on-access scanner process a crafted archive can crash the antivirus process or potentially execute code in its context. No public exploit identified at time of analysis and the EPSS signal was not provided.

Microsoft Apple Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and business products when a crafted malformed PDF is scanned. Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux are all affected through a shared Gen Digital virus definition engine (VPS builds before 25021208). An attacker who can place a specially crafted PDF on a target system - or deliver it via email or download - can force a denial-of-service of the antivirus process; no public exploit has been identified at time of analysis.

Microsoft Apple Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux) is triggered when the engine parses a malformed Windows PE file and performs a heap out-of-bounds read. Mitigation ships via the VPS 25021310 virus definition update rather than a product installer, so any consumer of the Gen Digital definition stream at or above that build is no longer exposed. No public exploit identified at time of analysis, but the bug sits inside a high-privilege scanner that auto-processes attacker-controlled files.

Microsoft Apple Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the bug is reachable via on-access scanning, meaning any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.

Microsoft Apple Information Disclosure +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner that typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Memory Corruption Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds heap read in the Avira Antivirus scanning engine triggers when the engine parses a malformed PDF, allowing local code execution or denial-of-service of the antivirus process on Windows, macOS, and Linux engine builds prior to 8.3.70.56. The CVSS 7.8 (High) rating reflects local attack vector with required user interaction (the engine must scan the attacker-supplied file), and no public exploit identified at time of analysis. Because the AV engine typically runs with elevated privileges, successful code execution would inherit those privileges.

Microsoft Apple Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution and denial-of-service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing, and no public exploit identified at time of analysis. CVSS is 7.8 (high) driven by full C/I/A impact on the local host, but exploitation requires user/scanner interaction with the malicious file.

Microsoft Apple Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim loads a web page containing crafted WebGPU content into the GLES GPU render process, corrupting memory and crashing the browser or GPU process. The flaw stems from an integer overflow in size calculation driven by untrusted input, which produces an undersized allocation that subsequent writes exceed. EPSS exploitation probability is very low at 0.02% (5th percentile) and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged process to corrupt kernel memory by issuing crafted GPU sparse memory API calls, enabling privilege escalation to kernel context. Affected releases include Graphics DDK 24.2 RTM and the 25.1 RTM through 25.3 RTM line. No public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).

Memory Corruption Buffer Overflow Graphics Ddk
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Client-side memory corruption in the AWS Common Runtime aws-c-http library can be triggered by a malicious HTTP/2 server that sends a crafted sequence of HEADERS frames manipulating the HPACK dynamic table size, potentially leading to arbitrary code execution in applications that use the library as an HTTP/2 client. The CVSS 4.0 score of 8.7 (High) reflects network reachability with low complexity but requires user/client interaction (initiating a connection to the attacker server). There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow RCE Aws C Http
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds memory read in Tornado's optional C extension `tornado.speedups` exposes up to 3 bytes of uninitialized memory via a missing length validation in the `websocket_mask` function. Applications running Tornado versions prior to 6.5.6 with the native extension active and `xsrf_cookies=True` are reachable from the network without authentication (CVSS AV:N/PR:N), though high attack complexity (AC:H) is indicated by the dual configuration prerequisite. No public exploit code or CISA KEV listing exists at time of analysis, and EPSS stands at 0.04% (11th percentile), consistent with the low exploitation probability for a constrained information-disclosure primitive. Vendor-released patch is Tornado 6.5.6.

Python Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs through an out-of-bounds write triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker code in the context of the current user, making this a classic client-side attack suitable for phishing campaigns. No public exploit identified at time of analysis, but Adobe Reader memory corruption flaws have a long history of being weaponized in targeted attacks.

RCE Memory Corruption Adobe +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser allows unauthenticated remote attackers to read up to approximately 4 GiB of heap memory or crash the application by delivering a crafted archive to a Windows user who opens it. Affected versions span 3.0.1000.0 through all releases before 6.0.1698.0, with the vulnerability rooted in an inherited integer overflow flaw in 7-Zip's upstream AvbHandler. No public exploit code or active exploitation has been identified; an EPSS score of 0.05% (15th percentile) confirms negligible current threat activity, and this CVE does not appear in the CISA KEV catalog.

Microsoft Google Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's inherited 7-Zip LvmHandler component allows an unauthenticated remote attacker to crash the application or potentially expose heap memory by tricking a user into opening a maliciously crafted LVM2 disk image. All NanaZip installations from version 3.0.1000.0 up to (but not including) 6.0.1698.0 on Windows are vulnerable. No public exploit code or active exploitation has been identified; an EPSS score of 0.04% at the 11th percentile reflects very low real-world exploitation probability.

Microsoft Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. No public exploit code exists and EPSS sits at 0.05% (15th percentile), indicating low current exploitation interest, though the deterministic crash behavior lowers the bar for denial-of-service abuse.

Microsoft Information Disclosure Denial Of Service +3
NVD GitHub
EPSS 0%
HIGH This Week

Out-of-bounds write in Apple's SwiftNIO ByteBuffer affects all releases from 1.0.0 through 2.99.0 and is fixed in 2.100.0. The flaw stems from UInt32 truncation in internal index/capacity converters, so when an attacker can influence an index, offset, or length passed to specific ByteBuffer write methods with a value above UInt32.max (~4 GiB), safety preconditions silently pass and subsequent writes can corrupt heap memory outside the buffer. No public exploit identified at time of analysis, and the high data-size threshold makes practical exploitation narrow but severe where applicable.

Memory Corruption Buffer Overflow
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.

Information Disclosure Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The flaw exists because the virtio-blk device omits validation of input descriptor sizes prior to writing data, enabling a malicious guest operator to submit a crafted virtio-blk SCSI request that writes beyond the allocated host heap buffer. The primary confirmed impact is a denial of service (DoS) of the QEMU process on the host; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.

Denial Of Service Heap Overflow Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.

Google Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. Patch is available from vendor in Chrome 149.0.7827.115 and later.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.

Information Disclosure Buffer Overflow Vim +2
NVD GitHub VulDB
Prev Page 11 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy