Skip to main content

Buffer Overflow

36133 CVEs technique

Monthly

CVE-2025-55664 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-10268 LOW POC PATCH Monitor

Integer overflow in the Janet scripting language's fiber unmarshaling routine (versions up to 1.41.0) allows a local authenticated attacker to cause a denial-of-service condition. The vulnerable function `unmarshal_one_fiber` in `src/core/marsh.c` performs an unchecked addition when computing fiber stack capacity - if `fiber_stacktop` is near INT32_MAX, adding 10 wraps the value, resulting in a dangerously small capacity allocation that crashes the interpreter. No public exploitation in production environments has been confirmed (not listed in CISA KEV), but a public proof-of-concept exploit exists, and the upstream patch has been released as commit d9b1d711.

Buffer Overflow Integer Overflow Janet
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10233 LOW POC Monitor

Out-of-bounds read in Assimp's Half-Life 1 MDL Loader affects all versions up to 6.0.4, enabling a local low-privileged attacker to leak memory contents by supplying a crafted MDL file that triggers faulty bounds handling in the `read_sequence_infos` function of `HL1MDLLoader.cpp`. Impact is confined to partial confidentiality loss (C:L) with no integrity or availability consequences per the CVSS vector. A publicly available proof-of-concept exploit exists (POC disclosed via GitHub), though no active exploitation has been confirmed and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10231 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10230 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10229 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-35563 Maven HIGH PATCH GHSA This Week

Improper certificate hostname validation in the Apache Directory LDAP API client allows network-positioned attackers to impersonate LDAP servers and intercept authenticated directory traffic. The flaw was disclosed via the oss-security mailing list on 2026-06-01 and is tracked under CWE-297; no public exploit identified at time of analysis. With a CVSS 4.0 score of 8.8 and high confidentiality/integrity impact, the issue is significant for applications that rely on this library to connect to LDAP/LDAPS endpoints.

Apache Buffer Overflow
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-20456 MEDIUM This Month

Out-of-bounds write in the MediaTek WLAN STA (Station mode) driver enables local denial of service across six MediaTek Wi-Fi chipset families, confirmed by MediaTek in their June 2026 Product Security Bulletin. A low-privileged local user can crash the system without any user interaction by triggering the missing bounds check in the driver, exploiting CWE-787 memory corruption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Memory Corruption Denial Of Service Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20455 HIGH This Week

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gained System-level privileges on an affected device to write out-of-bounds memory and escalate further on the chipset. The flaw affects a broad range of MediaTek chipsets used in mobile and embedded devices, with no public exploit identified at time of analysis. CVSS is 7.8 (High) reflecting the high integrity, confidentiality, and availability impact despite the local attack vector.

Privilege Escalation Memory Corruption Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20454 MEDIUM This Month

Local privilege escalation in MediaTek's GenieZone hypervisor component affects 36 distinct chipsets via a race condition-induced out-of-bounds write. An attacker who has already obtained System-level privilege on an affected Android device can exploit the TOCTOU flaw to escalate further - likely to kernel or hypervisor-level execution - achieving full confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and no KEV listing exists; however, the wide chipset footprint spanning flagship to budget SoCs significantly broadens the potential attack surface.

Privilege Escalation Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-20453 MEDIUM This Month

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to flagship tiers. An attacker who has already achieved System-level privilege can trigger an out-of-bounds write caused by a missing bounds check, escalating further - likely into kernel or hypervisor trust boundaries - with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and this is not listed in the CISA KEV catalog; however, the post-compromise escalation path makes this relevant to threat actors performing multi-stage device compromise on Android-based MediaTek hardware.

Privilege Escalation Memory Corruption Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20452 HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-10206 HIGH POC This Week

Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. The original researcher advisory notes contradictory parameter names, introducing some uncertainty about the exact trigger field.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-37228 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash near-RT RIC, iApp, E2 Agent, or xApp processes by sending a single oversized SCTP message (>=32,768 bytes) to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_recv_sctp_msg() that triggers SIGABRT in debug builds, while NDEBUG release builds face a signed-to-unsigned integer overflow leading to potential out-of-bounds reads. No public exploit identified at time of analysis and EPSS probability is very low (0.04%), but the trivial preconditions make this a meaningful availability risk for O-RAN deployments.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10200 LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-8796 HIGH PATCH This Week

Heap out-of-bounds read in Sereal::Decoder for Perl before version 5.005 allows remote attackers to leak up to 31 bytes of adjacent heap memory when a victim application decodes attacker-controlled Sereal-encoded data. The flaw lives in COPY tag handling within srl_read_object() and srl_read_hash(), where a crafted COPY offset can redirect the decoder to mid-value bytes that are then re-interpreted as a SHORT_BINARY tag without bounds checking against the COPY tag's own offset. No public exploit identified at time of analysis, and EPSS is 0.01%, but a vendor patch is available in Sereal-Decoder 5.005.

Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-10194 MEDIUM PATCH This Month

Heap-based buffer overflow in OFFIS DCMTK 3.7.0's dcmqrscp component allows remote low-privileged attackers to trigger memory corruption via the deleteOldestImages function in the DICOM Query/Retrieve database backend. Exploitation requires authenticated network access with low complexity and results in partial confidentiality, integrity, and availability impact without crossing privilege boundaries. No public exploit identified at time of analysis; an upstream git commit patch is confirmed available, though a formally tagged release version incorporating the fix has not been independently verified.

Heap Overflow Buffer Overflow Suse
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-10192 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. No CISA KEV listing or EPSS score is provided, so widespread opportunistic exploitation is not confirmed at this time.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10191 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10189 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10188 HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers with low privileges to corrupt memory via the staMac parameter processed by the cgistaKickOff function in /bin/httpd. Publicly available exploit code exists (hosted at cdn2.v50to.cc), elevating practical risk despite no current CISA KEV listing. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact achievable over the network against this enterprise wireless access point.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-10187 HIGH POC This Week

Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corrupt memory via the KeyStr argument processed by the setWiFiBasicConfig function in wireless.so, reachable through the Web Management Interface. Publicly available exploit code exists, and the CVSS 4.0 vector indicates network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability. No CISA KEV listing has been published, so exploitation is not confirmed in the wild despite the public PoC.

Buffer Overflow Stack Overflow N300Rh
NVD VulDB
CVSS 4.0
8.9
EPSS
0.1%
CVE-2026-10183 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10181 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10179 HIGH This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory and likely achieve code execution by manipulating the 'webpage' argument in the formSetWlanEncrypt handler at /goform/formSetWlanEncrypt. Publicly available exploit code exists per the VulDB submission, and the vendor has explicitly refused to patch because the device has been end-of-life since 2009, making any deployed units permanently vulnerable.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10165 HIGH POC This Week

Stack-based buffer overflow in the Edimax BR-6478AC 1.23 wireless router enables authenticated remote attackers to corrupt memory by sending a crafted pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (published via VulDB and a Notion writeup), elevating this from a theoretical issue to a practical threat, though no CISA KEV listing or active exploitation has been confirmed. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device itself, with exploitation requiring only low-level authentication.

Buffer Overflow Stack Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10164 HIGH POC This Week

Remote buffer overflow in the Edimax BR-6478AC 1.23 wireless router allows authenticated attackers to corrupt memory via the formUSBFolder POST handler by supplying oversized ShareName or SelectName arguments. Publicly available exploit code exists (hosted on a Notion page referenced by VulDB), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device with low privileges required. No CISA KEV listing, so this is best treated as a publicly weaponizable bug awaiting a vendor response.

Buffer Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10163 HIGH POC This Week

Buffer overflow in the Edimax BR-6478AC v1.23 wireless router allows authenticated remote attackers to corrupt memory by sending oversized UserName or Password values to the /goform/formUSBAccount endpoint. Publicly available exploit code exists for this issue, raising the practical risk despite the requirement for low-level credentials, though no active exploitation has been confirmed via CISA KEV.

Buffer Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10162 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10161 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10160 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10159 HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10158 HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10125 HIGH This Week

Stack-based buffer overflow in the Edimax BR-6478AC wireless router (firmware 1.23) allows remote attackers with low-privilege access to corrupt memory via a crafted pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup. Publicly available exploit code exists per VulDB, and the CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation with authentication, yielding high impact to confidentiality, integrity, and availability of the device. No active in-the-wild exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10126 HIGH POC This Week

Buffer overflow in the Edimax BR-6478AC 1.23 router's web management interface allows remote attackers with low-level credentials to corrupt memory by sending an oversized selSSID parameter to the /goform/formQoS endpoint. Publicly available exploit code exists per VulDB, raising the practical risk despite the CVSS 4.0 base score of 7.4, though there is no public exploit identified at time of analysis in CISA KEV. The flaw threatens the confidentiality, integrity, and availability of affected SOHO routers and could lead to arbitrary code execution or device takeover.

Buffer Overflow Br 6478Ac
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10124 HIGH POC This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. CVSS 4.0 score of 7.4 reflects network attack vector with low complexity but requires low-privilege access (PR:L) per the vector.

Buffer Overflow Stack Overflow Tomato
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10123 HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10122 HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10121 HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2018-25426 HIGH POC This Week

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Winmtr
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25423 MEDIUM POC This Month

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Arm Whois
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-10120 HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10119 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10114 LOW POC Monitor

Out-of-bounds write in Open5GS versions up to 2.7.7 allows a remote, low-privileged attacker to crash the NRF (Network Repository Function) component by sending a malformed SCP info payload, resulting in a denial-of-service condition. The vulnerability resides in the handle_scp_info function within the Shared NF-profile Parser (lib/sbi/nnrf-handler.c), a critical parsing path for 5G service-based interface communication. A public proof-of-concept exploit has been disclosed via the project's GitHub issue tracker, materially lowering the bar for exploitation against unpatched deployments.

Memory Corruption Buffer Overflow Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-5071 HIGH This Week

Out-of-bounds read in the Zephyr RTOS SocketCAN implementation lets a local userspace application leak adjacent memory or crash the system by submitting a truncated CAN frame through the sendto syscall. The zcan_sendto_ctx() path guards the user-supplied buffer length only with a NET_ASSERT, which is compiled out of production builds, so socketcan_to_can_frame() then dereferences fields past the end of the buffer. All Zephyr versions up to and including 4.3 are affected; there is no public exploit identified at time of analysis and EPSS is negligible (0.01%, 2nd percentile).

Information Disclosure Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45700 HIGH PATCH This Week

Out-of-bounds heap write in FreeRDP versions prior to 3.26.0 allows remote attackers to corrupt memory in the planar bitmap decoder when an RDP client connects to a malicious or compromised server. The flaw lives in freerdp_bitmap_decompress_planar() in libfreerdp/codec/planar.c, where attacker-controlled stride and X-destination values bypass bounds checks against the internal pTempData buffer. No public exploit identified at time of analysis, but the issue is fixed upstream in 3.26.0.

Memory Corruption Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-44420 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44421 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45613 LOW Monitor

Heap out-of-bounds read in Rizin's OMF binary parser exposes heap memory contents when a user opens a maliciously crafted Object Module Format file. An off-by-one bounds check error in the `rz_bin_omf_get_entry` function within `librz/bin/format/omf/omf.c` allows array access one element past the end of the allocated sections array, resulting in limited confidentiality impact (heap data disclosure). No public exploit exists and this is not listed in CISA KEV; the CVSS score of 3.3 accurately reflects constrained real-world risk due to local-only access and mandatory user interaction.

Information Disclosure Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-46690 Cargo MEDIUM GHSA This Month

Memory unsafety in unbounded-spsc 0.2.0 (Rust crate) allows a local attacker with low privileges to cause out-of-bounds reads, allocator corruption, and process crashes by winning a TOCTOU race between Sender::send and Receiver::drop. The root defect is a pointer-as-value transmute in the DISCONNECTED arm of Sender::send (src/lib.rs:384-401): the code transmutes an 8-byte raw pointer (*mut Producer<T>) directly into Consumer<T>, meaning the fake Consumer's internal Arc::ptr points at the Sender struct itself rather than the real ArcInner<Buffer<T>>. No public exploit identified at time of analysis, but a proof-of-concept reproducing SIGSEGV is included in the advisory and reproduces approximately 3 out of 10 trials under heavy contention in release mode.

Information Disclosure Canonical Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-46344 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle Buffer Overflow Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44518 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-10067 HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory in the multimon.cgi handler (function sub_90F0), with high impact to confidentiality, integrity, and availability per CVSS 4.0 (8.7). The affected project is end-of-life and superseded by FreshTomato, meaning no vendor patch will be issued. No public exploit identified at time of analysis and no CISA KEV listing, but the low attack complexity and network reachability make this a meaningful risk for any still-deployed devices.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10066 HIGH This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows authenticated remote attackers to corrupt memory in the UPS Service CGI handler, potentially leading to code execution or device compromise. The flaw resides in function sub_9068 of tomatoups.cgi and carries a CVSS 4.0 score of 8.7, but no public exploit identified at time of analysis. Critically, this project is end-of-life - superseded by FreshTomato - so no vendor patch will be issued.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10065 HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory and likely execute code by submitting a crafted Date argument to the get_ups_field function in tomatodata.cgi. The project is end-of-life and superseded by FreshTomato, so no fix will be issued by the original maintainer. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact over the network with low complexity.

Buffer Overflow
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-10064 LOW Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged remote attacker to corrupt memory via a manipulated `special_name` argument submitted to the `/goform/formSetPortTr` endpoint. The affected device reached end-of-life in 2009, and the vendor has explicitly declined to issue a patch, meaning no fix will ever be released. Publicly available exploit code exists (E:P per CVSS 4.0 vector), raising the practical risk for any deployment where this device remains internet-accessible or reachable by untrusted users.

Buffer Overflow Tew 432Brp Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2018-25383 HIGH POC This Week

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-10063 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-10062 HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-40528 LOW PATCH Monitor

Stack and heap buffer overruns in OpenSC's pkcs15-init tooling corrupt memory when processing a maliciously crafted PKCS#15 profile configuration file. Affected versions prior to 0.27.0 contain no length validation in the do_key_value() function before a memcpy into the fixed-size keybuf buffer, allowing overflow when a key value entry begins with '=' and exceeds sizeof(keybuf) bytes. Exploitation is severely constrained by a CVSS 4.0 score of 1.0 - physical access, high attack complexity, and user interaction are all required - and no public exploit or CISA KEV listing exists at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-40510 LOW PATCH Monitor

Stack buffer overflow in OpenSC's PIV card handler allows a physically present attacker to corrupt memory by presenting a crafted PIV smart card or USB device that returns a URL field exceeding 118 bytes in the Key History Object ASN.1 response, triggering the overflow in `piv_process_history()` within `src/libopensc/card-piv.c`. All OpenSC versions prior to 0.27.0-rc1 are affected; the vulnerability is confirmed by the vendor fix in commit 3f24f0b and PR #3558. With a CVSS 4.0 score of 1.0 (AV:P/AC:H/UI:P), exploitation is severely constrained by mandatory physical access and high attack complexity, with no CISA KEV listing and no public exploit identified at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-41278 HIGH This Week

Out-of-bounds read in the Waterfall WF-500 RX Host (firmware 7.10.0.0 R2601141040) enables an attacker who already controls the TX Host to execute code on the receiving (RX) side, bypassing the unidirectional security guarantee the data diode is designed to enforce. Discovered by Nozomi Networks Labs with no public exploit identified at time of analysis and an EPSS score of 0.02%, the issue is significant because it undermines the OT/IT segmentation use case the product exists to provide. The vulnerability is not listed in CISA KEV and there is no evidence of active exploitation.

Information Disclosure Buffer Overflow Wf 500
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-10017 HIGH PATCH This Week

Sandbox escape in Google Chrome's Headless component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is an out-of-bounds read (CWE-125) reported by the Chrome team itself; no public exploit is identified at the time of analysis and EPSS is very low (0.03%), but the high CVSS (8.3) reflects scope-changed sandbox escape impact.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9998 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9996 MEDIUM PATCH This Month

Out-of-bounds read in the WebRTC subsystem of Google Chrome on macOS (versions prior to 148.0.7778.216) enables remote attackers to exfiltrate potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H/I:N/A:N) confirms network-reachable, unauthenticated exploitation with confidentiality-only impact, but mandates user interaction, limiting fully passive attack scenarios. No active exploitation has been confirmed in CISA KEV, and an EPSS score of 0.03% at the 10th percentile reflects low observed exploitation probability at time of analysis; no public exploit code has been identified.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9975 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 is possible through an out-of-bounds read and write vulnerability in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break out of Chrome's sandbox and potentially execute code at a higher privilege level. No public exploit identified at time of analysis, and EPSS is very low at 0.03%, but Google rates the underlying Chromium severity as High.

Google Buffer Overflow Information Disclosure Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9974 HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium with CVSS 8.3, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9973 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.

Google Memory Corruption RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9967 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to trigger an out-of-bounds write in the GPU process via a crafted HTML page, potentially breaking out of Chrome's renderer sandbox. The flaw carries a CVSS 9.6 due to scope change (S:C) and high impact across confidentiality, integrity, and availability, but requires user interaction (UI:R) such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS is very low at 0.03% (11th percentile), suggesting limited near-term mass exploitation despite the severe potential impact.

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-9966 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Microsoft Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9965 HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9953 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory to remote attackers who can deliver a crafted HTML page to a victim. Unauthenticated (PR:N) remote exploitation is confirmed by the CVSS vector, though user interaction is required - the victim must open a malicious page. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information-disclosure primitive rather than a code-execution path. No public exploit or CISA KEV listing exists at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low observed exploitation pressure.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9943 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebGL implementation on Android affects all Chrome versions prior to 148.0.7778.216. The WebGL graphics subsystem performs an out-of-bounds read (CWE-125) when processing attacker-controlled content, exposing adjacent memory contents across origin boundaries to the initiating page. Remote unauthenticated attackers can trigger this condition by serving a crafted HTML page, but victim interaction is required - the user must visit the malicious page. No active exploitation is confirmed (not listed in CISA KEV), and EPSS of 0.03% (10th percentile) indicates low exploitation probability at time of analysis.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9940 HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.

Google Heap Overflow Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9939 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9930 MEDIUM PATCH This Month

Out-of-bounds memory write in Dawn, Chrome's WebGPU implementation, affects Google Chrome on macOS prior to version 148.0.7778.216. Remote unauthenticated attackers (per CVSS PR:N) can trigger the write via a crafted HTML page requiring only a single user interaction - visiting a malicious site. The CVSS-scored impact is constrained to low integrity (I:L), with no confidentiality or availability impact confirmed, suggesting the write primitive is limited or difficult to weaponize for full code execution without chaining additional exploits. No public exploit identified at time of analysis and EPSS at 0.03% (11th percentile) indicates very low exploitation probability.

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9928 HIGH PATCH This Week

Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.

Information Disclosure RCE Buffer Overflow Google Microsoft +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9926 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9924 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.

Google Heap Overflow Microsoft Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9919 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Android (prior to 148.0.7778.216) via an out-of-bounds read in the WebGL rendering engine allows remote attackers to exfiltrate memory contents when a victim visits a crafted HTML page. The CVSS score of 4.3 (Medium) reflects a network-reachable, low-complexity attack requiring no privileges but dependent on user interaction, with confidentiality impact limited to partial disclosure. No public exploit code or CISA KEV listing has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) corroborates low active exploitation likelihood; however, the platform-specific scope (Android Chrome) and cross-origin data exposure potential make this relevant for organizations with mobile browser threat models.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9916 HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and chained exploitation could lead to code execution outside the renderer sandbox, though no public exploit identified at time of analysis and EPSS estimates only a 0.03% near-term exploitation probability.

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9915 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.

Google Heap Overflow Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9913 MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's ANGLE graphics abstraction layer (versions prior to 148.0.7778.216) allows remote unauthenticated attackers to potentially read limited memory contents from within the browser's process space when a user visits a crafted HTML page. The flaw originates from an inappropriate implementation within ANGLE's rendering pipeline - Chrome's cross-platform graphics engine - resulting in a CWE-125 out-of-bounds read condition with limited confidentiality impact (C:L) and no integrity or availability consequences. No public exploit code has been identified at time of analysis, and EPSS scores this at 0.03% (11th percentile), indicating very low real-world exploitation probability.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9911 MEDIUM PATCH This Month

Out-of-bounds memory read via integer overflow in Chrome's ANGLE graphics layer exposes limited memory contents to remote attackers who can lure victims to a malicious page. Affected are all Google Chrome versions prior to 148.0.7778.216 on desktop platforms. The vulnerability carries a CVSS score of 4.3 (Medium) with a confidentiality-only impact; no public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.03% (11th percentile), placing real-world risk at low-to-moderate despite the network-accessible attack vector.

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9910 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.

Google Information Disclosure RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9908 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory contents to unauthenticated remote attackers who can lure a user to a crafted HTML page. All Google Chrome desktop versions prior to 148.0.7778.216 are affected, with the vulnerability carrying a CVSS 6.5 and exclusively a confidentiality impact - no integrity or availability loss. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low current exploitation activity, consistent with a typical Chrome graphics-component disclosure ahead of a stable channel patch.

Google Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9907 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation on Windows affects all versions prior to 148.0.7778.216. The out-of-bounds read (CWE-125) in the Dawn graphics layer allows remote unauthenticated attackers to exfiltrate cross-origin data by enticing a user to visit a crafted HTML page, exploiting improper buffer boundary enforcement during GPU operations. No public exploit code or CISA KEV listing exists at time of analysis; EPSS at 0.03% (11th percentile) indicates very low automated exploitation likelihood, consistent with the moderate CVSS 4.3 score and required user interaction.

Google Microsoft Information Disclosure Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9906 HIGH PATCH This Week

Sandbox escape in Google Chrome before 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox through an out-of-bounds write in the GPU process triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability is low at 0.03% (11th percentile).

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9900 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, the issue is patched but no public exploit has been identified at time of analysis, and EPSS exploitation probability is low (0.03%, 11th percentile).

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9896 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Google Memory Corruption RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Integer overflow in the Janet scripting language's fiber unmarshaling routine (versions up to 1.41.0) allows a local authenticated attacker to cause a denial-of-service condition. The vulnerable function `unmarshal_one_fiber` in `src/core/marsh.c` performs an unchecked addition when computing fiber stack capacity - if `fiber_stacktop` is near INT32_MAX, adding 10 wraps the value, resulting in a dangerously small capacity allocation that crashes the interpreter. No public exploitation in production environments has been confirmed (not listed in CISA KEV), but a public proof-of-concept exploit exists, and the upstream patch has been released as commit d9b1d711.

Buffer Overflow Integer Overflow Janet
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Out-of-bounds read in Assimp's Half-Life 1 MDL Loader affects all versions up to 6.0.4, enabling a local low-privileged attacker to leak memory contents by supplying a crafted MDL file that triggers faulty bounds handling in the `read_sequence_infos` function of `HL1MDLLoader.cpp`. Impact is confined to partial confidentiality loss (C:L) with no integrity or availability consequences per the CVSS vector. A publicly available proof-of-concept exploit exists (POC disclosed via GitHub), though no active exploitation has been confirmed and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Improper certificate hostname validation in the Apache Directory LDAP API client allows network-positioned attackers to impersonate LDAP servers and intercept authenticated directory traffic. The flaw was disclosed via the oss-security mailing list on 2026-06-01 and is tracked under CWE-297; no public exploit identified at time of analysis. With a CVSS 4.0 score of 8.8 and high confidentiality/integrity impact, the issue is significant for applications that rely on this library to connect to LDAP/LDAPS endpoints.

Apache Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds write in the MediaTek WLAN STA (Station mode) driver enables local denial of service across six MediaTek Wi-Fi chipset families, confirmed by MediaTek in their June 2026 Product Security Bulletin. A low-privileged local user can crash the system without any user interaction by triggering the missing bounds check in the driver, exploiting CWE-787 memory corruption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gained System-level privileges on an affected device to write out-of-bounds memory and escalate further on the chipset. The flaw affects a broad range of MediaTek chipsets used in mobile and embedded devices, with no public exploit identified at time of analysis. CVSS is 7.8 (High) reflecting the high integrity, confidentiality, and availability impact despite the local attack vector.

Privilege Escalation Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Local privilege escalation in MediaTek's GenieZone hypervisor component affects 36 distinct chipsets via a race condition-induced out-of-bounds write. An attacker who has already obtained System-level privilege on an affected Android device can exploit the TOCTOU flaw to escalate further - likely to kernel or hypervisor-level execution - achieving full confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and no KEV listing exists; however, the wide chipset footprint spanning flagship to budget SoCs significantly broadens the potential attack surface.

Privilege Escalation Buffer Overflow Mediatek Chipset
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to flagship tiers. An attacker who has already achieved System-level privilege can trigger an out-of-bounds write caused by a missing bounds check, escalating further - likely into kernel or hypervisor trust boundaries - with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and this is not listed in the CISA KEV catalog; however, the post-compromise escalation path makes this relevant to threat actors performing multi-stage device compromise on Android-based MediaTek hardware.

Privilege Escalation Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in D-Link DI-8400 routers through firmware 16.07.26A1 allows authenticated remote attackers to corrupt memory by manipulating the 'str' parameter in /dbsrv.asp, potentially achieving code execution on the device. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges per the CVSS 4.0 vector. The original researcher advisory notes contradictory parameter names, introducing some uncertainty about the exact trigger field.

Buffer Overflow D-Link Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash near-RT RIC, iApp, E2 Agent, or xApp processes by sending a single oversized SCTP message (>=32,768 bytes) to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_recv_sctp_msg() that triggers SIGABRT in debug builds, while NDEBUG release builds face a signed-to-unsigned integer overflow leading to potential out-of-bounds reads. No public exploit identified at time of analysis and EPSS probability is very low (0.04%), but the trivial preconditions make this a meaningful availability risk for O-RAN deployments.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Heap out-of-bounds read in Sereal::Decoder for Perl before version 5.005 allows remote attackers to leak up to 31 bytes of adjacent heap memory when a victim application decodes attacker-controlled Sereal-encoded data. The flaw lives in COPY tag handling within srl_read_object() and srl_read_hash(), where a crafted COPY offset can redirect the decoder to mid-value bytes that are then re-interpreted as a SHORT_BINARY tag without bounds checking against the COPY tag's own offset. No public exploit identified at time of analysis, and EPSS is 0.01%, but a vendor patch is available in Sereal-Decoder 5.005.

Information Disclosure Buffer Overflow Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in OFFIS DCMTK 3.7.0's dcmqrscp component allows remote low-privileged attackers to trigger memory corruption via the deleteOldestImages function in the DICOM Query/Retrieve database backend. Exploitation requires authenticated network access with low complexity and results in partial confidentiality, integrity, and availability impact without crossing privilege boundaries. No public exploit identified at time of analysis; an upstream git commit patch is confirmed available, though a formally tagged release version incorporating the fix has not been independently verified.

Heap Overflow Buffer Overflow Suse
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. No CISA KEV listing or EPSS score is provided, so widespread opportunistic exploitation is not confirmed at this time.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers with low privileges to corrupt memory via the staMac parameter processed by the cgistaKickOff function in /bin/httpd. Publicly available exploit code exists (hosted at cdn2.v50to.cc), elevating practical risk despite no current CISA KEV listing. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact achievable over the network against this enterprise wireless access point.

Buffer Overflow Tenda Stack Overflow
NVD VulDB
EPSS 0% CVSS 8.9
HIGH POC This Week

Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corrupt memory via the KeyStr argument processed by the setWiFiBasicConfig function in wireless.so, reachable through the Web Management Interface. Publicly available exploit code exists, and the CVSS 4.0 vector indicates network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability. No CISA KEV listing has been published, so exploitation is not confirmed in the wild despite the public PoC.

Buffer Overflow Stack Overflow N300Rh
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory and likely achieve code execution by manipulating the 'webpage' argument in the formSetWlanEncrypt handler at /goform/formSetWlanEncrypt. Publicly available exploit code exists per the VulDB submission, and the vendor has explicitly refused to patch because the device has been end-of-life since 2009, making any deployed units permanently vulnerable.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Edimax BR-6478AC 1.23 wireless router enables authenticated remote attackers to corrupt memory by sending a crafted pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists (published via VulDB and a Notion writeup), elevating this from a theoretical issue to a practical threat, though no CISA KEV listing or active exploitation has been confirmed. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device itself, with exploitation requiring only low-level authentication.

Buffer Overflow Stack Overflow Br 6478Ac
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote buffer overflow in the Edimax BR-6478AC 1.23 wireless router allows authenticated attackers to corrupt memory via the formUSBFolder POST handler by supplying oversized ShareName or SelectName arguments. Publicly available exploit code exists (hosted on a Notion page referenced by VulDB), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the device with low privileges required. No CISA KEV listing, so this is best treated as a publicly weaponizable bug awaiting a vendor response.

Buffer Overflow Br 6478Ac
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in the Edimax BR-6478AC v1.23 wireless router allows authenticated remote attackers to corrupt memory by sending oversized UserName or Password values to the /goform/formUSBAccount endpoint. Publicly available exploit code exists for this issue, raising the practical risk despite the requirement for low-level credentials, though no active exploitation has been confirmed via CISA KEV.

Buffer Overflow Br 6478Ac
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in the Edimax BR-6478AC wireless router (firmware 1.23) allows remote attackers with low-privilege access to corrupt memory via a crafted pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup. Publicly available exploit code exists per VulDB, and the CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation with authentication, yielding high impact to confidentiality, integrity, and availability of the device. No active in-the-wild exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in the Edimax BR-6478AC 1.23 router's web management interface allows remote attackers with low-level credentials to corrupt memory by sending an oversized selSSID parameter to the /goform/formQoS endpoint. Publicly available exploit code exists per VulDB, raising the practical risk despite the CVSS 4.0 base score of 7.4, though there is no public exploit identified at time of analysis in CISA KEV. The flaw threatens the confidentiality, integrity, and availability of affected SOHO routers and could lead to arbitrary code execution or device takeover.

Buffer Overflow Br 6478Ac
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows remote attackers to corrupt memory in the ripd daemon via the rip_zebra_read_ipv4 function in the Zserv Handler component. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - so no vendor patch will be released. CVSS 4.0 score of 7.4 reflects network attack vector with low complexity but requires low-privilege access (PR:L) per the vector.

Buffer Overflow Stack Overflow Tomato
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Winmtr
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Arm Whois
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Out-of-bounds write in Open5GS versions up to 2.7.7 allows a remote, low-privileged attacker to crash the NRF (Network Repository Function) component by sending a malformed SCP info payload, resulting in a denial-of-service condition. The vulnerability resides in the handle_scp_info function within the Shared NF-profile Parser (lib/sbi/nnrf-handler.c), a critical parsing path for 5G service-based interface communication. A public proof-of-concept exploit has been disclosed via the project's GitHub issue tracker, materially lowering the bar for exploitation against unpatched deployments.

Memory Corruption Buffer Overflow Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in the Zephyr RTOS SocketCAN implementation lets a local userspace application leak adjacent memory or crash the system by submitting a truncated CAN frame through the sendto syscall. The zcan_sendto_ctx() path guards the user-supplied buffer length only with a NET_ASSERT, which is compiled out of production builds, so socketcan_to_can_frame() then dereferences fields past the end of the buffer. All Zephyr versions up to and including 4.3 are affected; there is no public exploit identified at time of analysis and EPSS is negligible (0.01%, 2nd percentile).

Information Disclosure Buffer Overflow Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Out-of-bounds heap write in FreeRDP versions prior to 3.26.0 allows remote attackers to corrupt memory in the planar bitmap decoder when an RDP client connects to a malicious or compromised server. The flaw lives in freerdp_bitmap_decompress_planar() in libfreerdp/codec/planar.c, where attacker-controlled stride and X-destination values bypass bounds checks against the internal pTempData buffer. No public exploit identified at time of analysis, but the issue is fixed upstream in 3.26.0.

Memory Corruption Buffer Overflow Freerdp
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Heap out-of-bounds read in Rizin's OMF binary parser exposes heap memory contents when a user opens a maliciously crafted Object Module Format file. An off-by-one bounds check error in the `rz_bin_omf_get_entry` function within `librz/bin/format/omf/omf.c` allows array access one element past the end of the allocated sections array, resulting in limited confidentiality impact (heap data disclosure). No public exploit exists and this is not listed in CISA KEV; the CVSS score of 3.3 accurately reflects constrained real-world risk due to local-only access and mandatory user interaction.

Information Disclosure Buffer Overflow Rizin
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Memory unsafety in unbounded-spsc 0.2.0 (Rust crate) allows a local attacker with low privileges to cause out-of-bounds reads, allocator corruption, and process crashes by winning a TOCTOU race between Sender::send and Receiver::drop. The root defect is a pointer-as-value transmute in the DISCONNECTED arm of Sender::send (src/lib.rs:384-401): the code transmutes an 8-byte raw pointer (*mut Producer<T>) directly into Consumer<T>, meaning the fake Consumer's internal Arc::ptr points at the Sender struct itself rather than the real ArcInner<Buffer<T>>. No public exploit identified at time of analysis, but a proof-of-concept reproducing SIGSEGV is included in the advisory and reproduces approximately 3 out of 10 trials under heavy contention in release mode.

Information Disclosure Canonical Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory in the multimon.cgi handler (function sub_90F0), with high impact to confidentiality, integrity, and availability per CVSS 4.0 (8.7). The affected project is end-of-life and superseded by FreshTomato, meaning no vendor patch will be issued. No public exploit identified at time of analysis and no CISA KEV listing, but the low attack complexity and network reachability make this a meaningful risk for any still-deployed devices.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Shibby Tomato router firmware (versions up to 1.28) allows authenticated remote attackers to corrupt memory in the UPS Service CGI handler, potentially leading to code execution or device compromise. The flaw resides in function sub_9068 of tomatoups.cgi and carries a CVSS 4.0 score of 8.7, but no public exploit identified at time of analysis. Critically, this project is end-of-life - superseded by FreshTomato - so no vendor patch will be issued.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Shibby Tomato 1.28 router firmware allows authenticated remote attackers to corrupt memory and likely execute code by submitting a crafted Date argument to the get_ups_field function in tomatodata.cgi. The project is end-of-life and superseded by FreshTomato, so no fix will be issued by the original maintainer. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact over the network with low complexity.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged remote attacker to corrupt memory via a manipulated `special_name` argument submitted to the `/goform/formSetPortTr` endpoint. The affected device reached end-of-life in 2009, and the vendor has explicitly declined to issue a patch, meaning no fix will ever be released. Publicly available exploit code exists (E:P per CVSS 4.0 vector), raising the practical risk for any deployment where this device remains internet-accessible or reachable by untrusted users.

Buffer Overflow Tew 432Brp Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD Exploit-DB
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tew 432Brp
NVD VulDB GitHub
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Stack and heap buffer overruns in OpenSC's pkcs15-init tooling corrupt memory when processing a maliciously crafted PKCS#15 profile configuration file. Affected versions prior to 0.27.0 contain no length validation in the do_key_value() function before a memcpy into the fixed-size keybuf buffer, allowing overflow when a key value entry begins with '=' and exceeds sizeof(keybuf) bytes. Exploitation is severely constrained by a CVSS 4.0 score of 1.0 - physical access, high attack complexity, and user interaction are all required - and no public exploit or CISA KEV listing exists at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Stack buffer overflow in OpenSC's PIV card handler allows a physically present attacker to corrupt memory by presenting a crafted PIV smart card or USB device that returns a URL field exceeding 118 bytes in the Key History Object ASN.1 response, triggering the overflow in `piv_process_history()` within `src/libopensc/card-piv.c`. All OpenSC versions prior to 0.27.0-rc1 are affected; the vulnerability is confirmed by the vendor fix in commit 3f24f0b and PR #3558. With a CVSS 4.0 score of 1.0 (AV:P/AC:H/UI:P), exploitation is severely constrained by mandatory physical access and high attack complexity, with no CISA KEV listing and no public exploit identified at time of analysis.

Buffer Overflow Stack Overflow Opensc
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds read in the Waterfall WF-500 RX Host (firmware 7.10.0.0 R2601141040) enables an attacker who already controls the TX Host to execute code on the receiving (RX) side, bypassing the unidirectional security guarantee the data diode is designed to enforce. Discovered by Nozomi Networks Labs with no public exploit identified at time of analysis and an EPSS score of 0.02%, the issue is significant because it undermines the OT/IT segmentation use case the product exists to provide. The vulnerability is not listed in CISA KEV and there is no evidence of active exploitation.

Information Disclosure Buffer Overflow Wf 500
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Headless component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is an out-of-bounds read (CWE-125) reported by the Chrome team itself; no public exploit is identified at the time of analysis and EPSS is very low (0.03%), but the high CVSS (8.3) reflects scope-changed sandbox escape impact.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.

Google Buffer Overflow Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in the WebRTC subsystem of Google Chrome on macOS (versions prior to 148.0.7778.216) enables remote attackers to exfiltrate potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H/I:N/A:N) confirms network-reachable, unauthenticated exploitation with confidentiality-only impact, but mandates user interaction, limiting fully passive attack scenarios. No active exploitation has been confirmed in CISA KEV, and an EPSS score of 0.03% at the 10th percentile reflects low observed exploitation probability at time of analysis; no public exploit code has been identified.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 is possible through an out-of-bounds read and write vulnerability in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break out of Chrome's sandbox and potentially execute code at a higher privilege level. No public exploit identified at time of analysis, and EPSS is very low at 0.03%, but Google rates the underlying Chromium severity as High.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium with CVSS 8.3, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to trigger an out-of-bounds write in the GPU process via a crafted HTML page, potentially breaking out of Chrome's renderer sandbox. The flaw carries a CVSS 9.6 due to scope change (S:C) and high impact across confidentiality, integrity, and availability, but requires user interaction (UI:R) such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS is very low at 0.03% (11th percentile), suggesting limited near-term mass exploitation despite the severe potential impact.

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Microsoft Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory to remote attackers who can deliver a crafted HTML page to a victim. Unauthenticated (PR:N) remote exploitation is confirmed by the CVSS vector, though user interaction is required - the victim must open a malicious page. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information-disclosure primitive rather than a code-execution path. No public exploit or CISA KEV listing exists at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low observed exploitation pressure.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebGL implementation on Android affects all Chrome versions prior to 148.0.7778.216. The WebGL graphics subsystem performs an out-of-bounds read (CWE-125) when processing attacker-controlled content, exposing adjacent memory contents across origin boundaries to the initiating page. Remote unauthenticated attackers can trigger this condition by serving a crafted HTML page, but victim interaction is required - the user must visit the malicious page. No active exploitation is confirmed (not listed in CISA KEV), and EPSS of 0.03% (10th percentile) indicates low exploitation probability at time of analysis.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds memory write in Dawn, Chrome's WebGPU implementation, affects Google Chrome on macOS prior to version 148.0.7778.216. Remote unauthenticated attackers (per CVSS PR:N) can trigger the write via a crafted HTML page requiring only a single user interaction - visiting a malicious site. The CVSS-scored impact is constrained to low integrity (I:L), with no confidentiality or availability impact confirmed, suggesting the write primitive is limited or difficult to weaponize for full code execution without chaining additional exploits. No public exploit identified at time of analysis and EPSS at 0.03% (11th percentile) indicates very low exploitation probability.

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.

Information Disclosure RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.

Google Heap Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Android (prior to 148.0.7778.216) via an out-of-bounds read in the WebGL rendering engine allows remote attackers to exfiltrate memory contents when a victim visits a crafted HTML page. The CVSS score of 4.3 (Medium) reflects a network-reachable, low-complexity attack requiring no privileges but dependent on user interaction, with confidentiality impact limited to partial disclosure. No public exploit code or CISA KEV listing has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) corroborates low active exploitation likelihood; however, the platform-specific scope (Android Chrome) and cross-origin data exposure potential make this relevant for organizations with mobile browser threat models.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and chained exploitation could lead to code execution outside the renderer sandbox, though no public exploit identified at time of analysis and EPSS estimates only a 0.03% near-term exploitation probability.

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's ANGLE graphics abstraction layer (versions prior to 148.0.7778.216) allows remote unauthenticated attackers to potentially read limited memory contents from within the browser's process space when a user visits a crafted HTML page. The flaw originates from an inappropriate implementation within ANGLE's rendering pipeline - Chrome's cross-platform graphics engine - resulting in a CWE-125 out-of-bounds read condition with limited confidentiality impact (C:L) and no integrity or availability consequences. No public exploit code has been identified at time of analysis, and EPSS scores this at 0.03% (11th percentile), indicating very low real-world exploitation probability.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds memory read via integer overflow in Chrome's ANGLE graphics layer exposes limited memory contents to remote attackers who can lure victims to a malicious page. Affected are all Google Chrome versions prior to 148.0.7778.216 on desktop platforms. The vulnerability carries a CVSS score of 4.3 (Medium) with a confidentiality-only impact; no public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.03% (11th percentile), placing real-world risk at low-to-moderate despite the network-accessible attack vector.

Google Buffer Overflow Chrome
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.

Google Information Disclosure RCE +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer exposes process memory contents to unauthenticated remote attackers who can lure a user to a crafted HTML page. All Google Chrome desktop versions prior to 148.0.7778.216 are affected, with the vulnerability carrying a CVSS 6.5 and exclusively a confidentiality impact - no integrity or availability loss. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) reflects low current exploitation activity, consistent with a typical Chrome graphics-component disclosure ahead of a stable channel patch.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation on Windows affects all versions prior to 148.0.7778.216. The out-of-bounds read (CWE-125) in the Dawn graphics layer allows remote unauthenticated attackers to exfiltrate cross-origin data by enticing a user to visit a crafted HTML page, exploiting improper buffer boundary enforcement during GPU operations. No public exploit code or CISA KEV listing exists at time of analysis; EPSS at 0.03% (11th percentile) indicates very low automated exploitation likelihood, consistent with the moderate CVSS 4.3 score and required user interaction.

Google Microsoft Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome before 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox through an out-of-bounds write in the GPU process triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, but no public exploit has been identified at time of analysis and EPSS exploitation probability is low at 0.03% (11th percentile).

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, the issue is patched but no public exploit has been identified at time of analysis, and EPSS exploitation probability is low (0.03%, 11th percentile).

Google Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Google Memory Corruption RCE +4
NVD VulDB
Prev Page 16 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy