Skip to main content

Buffer Overflow

36137 CVEs technique

Monthly

CVE-2026-40341 LOW Monitor

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical USB access to crash the library via malformed PTP protocol data from untrusted camera devices, affecting applications using libgphoto2 for camera enumeration and control on desktop systems.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-40340 MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a USB-connected camera to trigger information disclosure or denial of service via malformed PTP protocol data during Samsung Galaxy device enumeration. The vulnerability exists in `ptp_unpack_OI()` which validates buffer boundaries at 48 bytes but subsequently reads up to 56 bytes, exceeding the boundary by 9 bytes. A fix is available in commit 7c7f515bc88c3d0c4098ac965d313518e0ccbe33.

Samsung Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40339 MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a connected camera to read sensitive memory and potentially cause denial of service via a specially crafted Sony camera device. The vulnerability exists in the Sony-specific PTP packet unpacking function which omits bounds validation present in the standard variant, enabling attackers with direct camera access to trigger information disclosure and minor availability impact.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-40338 MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows physical attackers to disclose sensitive memory and cause denial of service via a malicious PTP (Picture Transfer Protocol) device. The vulnerability exists in the Sony-specific DPD unpacking function, which fails to validate buffer boundaries before reading an enumeration count, enabling attackers with direct device access to craft responses that trigger the out-of-bounds read. Patch is available via upstream commit 3b9f9696be76ae51dca983d9dd8ce586a2561845.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-40335 MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 in the PTP protocol parser allows information disclosure and potential denial of service when processing specially crafted camera responses. The vulnerability exists in ptp_unpack_DPV() where UINT128 and INT128 cases advance the buffer offset by 16 bytes without verifying sufficient buffer remains available, potentially exposing adjacent memory. Exploitation requires physical access to connect a malicious camera device (AV:P), but no special authentication or user interaction is needed once connected. No public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-40334 LOW Monitor

Missing null terminator in libgphoto2's ptp_unpack_Canon_FE() function allows out-of-bounds memory reads when processing Canon camera filenames. Versions up to 2.5.33 are vulnerable when a 13-byte filename without null termination is supplied, causing subsequent string operations to read beyond buffer boundaries. The vulnerability requires physical camera access and results in information disclosure or denial of service, not remote code execution.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-40333 MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a connected camera to read sensitive information from process memory or cause denial of service via malformed EOS event data. Two functions in ptp-pack.c lack length validation, enabling unbounded buffer reads when processing camera events. The vulnerability requires physical device access and is not remotely exploitable, with no public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-29013 HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-35512 HIGH PATCH This Week

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows remote code execution after authentication via malicious EGFX graphics channel PDUs. Authenticated attackers can exploit insufficient validation of client-controlled size parameters to write beyond allocated heap buffers. Unauthenticated attackers can only trigger denial-of-service crashes. Vendor-released patch available in version 0.10.6. No active exploitation confirmed (not in CISA KEV), but heap overflows in remote services are high-value targets. Default non-privileged execution since 0.10.2 limits post-compromise impact.

Heap Overflow Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2026-33689 HIGH PATCH This Week

Out-of-bounds read in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to crash the RDP service or disclose memory contents during pre-authentication message parsing. The vulnerability (CWE-125) exploits insufficient buffer length validation in dynamic channel communication handling, affecting default installations exposed to network access. Fixed in version 0.10.6 per vendor advisory GHSA-92mr-6wpp-27jj. CVSS 8.7 reflects high availability impact; no active exploitation confirmed in CISA KEV at time of analysis, though public disclosure increases risk for internet-facing xrdp deployments.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-32624 MEDIUM PATCH This Month

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to cause denial of service or memory corruption when the domain_user_separator configuration directive is explicitly enabled in xrdp.ini. An attacker sends a crafted RDP logon request with an excessively long username and domain name combination that overflows an internal buffer, corrupting adjacent memory regions. The vulnerability requires non-default configuration (domain_user_separator must be uncommented) and affects only systems with this setting enabled. Vendor-released patch: version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-33516 HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-32623 HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-33337 HIGH PATCH This Week

Buffer overflow in Firebird RDBMS allows remote unauthenticated attackers to crash database servers via malformed slice packets. Affects Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 across all three maintained major release branches. The xdr_datum() deserialization function fails to validate cstring lengths against slice descriptor bounds during packet processing, enabling heap buffer overflow. CVSS 7.5 (High) with network attack vector and no authentication required. EPSS data not available, no KEV listing identified, but public vendor advisory and tagged releases confirm the issue and provide specific fix versions.

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27890 HIGH PATCH This Week

Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-6491 LOW POC Monitor

Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.

Heap Overflow Buffer Overflow Libvips
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-6507 HIGH PATCH This Week

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation, but real-world risk is mitigated by the non-default configuration requirement. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CWE-787 (out-of-bounds write) primitives are well-understood by attackers.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40253 MEDIUM PATCH This Month

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them against actual buffer boundaries. All primitive decoders are affected: ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE. Additionally, ber_decode_INTEGER can produce integer underflows when the encoded length is zero. An attacker supplying a malformed BER-encoded cryptographic object through PKCS#11 operations such as C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication can trigger out-of-bounds reads. This affects all token backends (Soft, ICA, CCA, TPM, EP11, ICSF) since the vulnerable code is in the shared common library. A patch is available thorugh commit ed378f463ef73364c89feb0fc923f4dc867332a3.

Information Disclosure Buffer Overflow Opencryptoki
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-40170 HIGH PATCH This Week

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.

Stack Overflow Buffer Overflow Ngtcp2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27820 Ruby LOW PATCH GHSA Monitor

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Buffer Overflow Zlib
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2026-41034 MEDIUM PATCH This Month

ONLYOFFICE DocumentServer before 9.3.0 contains an untrusted pointer dereference vulnerability in XLS file processing that enables authenticated remote attackers to leak sensitive memory and bypass ASLR protections. The vulnerability affects XLS conversion workflows through multiple vectors including pictFmla.cbBufInCtlStm manipulation, allowing information disclosure without requiring user interaction. CVSS 5.0 reflects moderate risk given network accessibility and the authentication barrier, though the scope change to CVSS:C indicates potential cross-boundary impact.

Information Disclosure Buffer Overflow Onlyoffice Documentserver
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-6350 CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE Mailgates Mailaudit
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-40962 MEDIUM PATCH This Month

Integer overflow in FFmpeg's CENC subsample data parsing (libavformat/mov.c) before version 8.1 enables out-of-bounds memory writes on local systems processing specially crafted MP4 files. The vulnerability requires attacker-controlled media file input and non-default system configuration, limiting exploitation to local contexts; no active exploitation or public exploit code has been identified. With a CVSS score of 4.9 and low attack complexity requirement, this represents a moderate local integrity and confidentiality risk primarily affecting users who process untrusted video files from untrusted sources.

Integer Overflow Buffer Overflow Ffmpeg
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-40504 CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE Gravity
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-6385 MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6384 HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6364 MEDIUM PATCH This Month

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

Information Disclosure Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6361 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow Buffer Overflow RCE +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6314 HIGH PATCH This Week

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6308 HIGH PATCH This Week

Out-of-bounds read in Google Chrome's media component (versions prior to 147.0.7727.101) enables remote code execution when attackers convince users to perform specific UI interactions on a malicious HTML page. Google rated this high severity and released Chrome 147.0.7727.101 as a fix. No active exploitation confirmed via CISA KEV at time of analysis, though CVSS 7.5 reflects significant impact if user interaction prerequisite is met. The UI gesture requirement and high attack complexity (AC:H) reduce automated exploitation risk compared to interaction-free vulnerabilities.

Information Disclosure Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6306 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6305 HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6298 MEDIUM PATCH This Month

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6296 CRITICAL PATCH Act Now

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Buffer Overflow Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-40919 MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40918 MEDIUM PATCH This Month

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40917 MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40916 MEDIUM PATCH This Month

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40915 MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6245 MEDIUM PATCH This Month

A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).

Denial Of Service Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4682 HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow Stack Overflow Microsoft
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-30364 HIGH This Week

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.

Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40688 HIGH This Week

Out-of-bounds write in FortiWeb administrative interface enables authenticated remote code execution on web application firewall appliances. Affects FortiWeb 7.4.0-7.4.11, 7.6.0-7.6.6, and 8.0.0-8.0.3. CVSS 7.2 indicates high-privilege authenticated network attack with low complexity. No public exploit identified at time of analysis, though the incomplete advisory description ('<insert attack vector here>') suggests disclosure may be pending or sanitized. Memory corruption class (CWE-787) typically enables arbitrary code execution, confirmed by CVSS impact ratings (High C/I/A). EPSS data not available for risk probability assessment.

Buffer Overflow Memory Corruption Fortinet
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-27301 MEDIUM This Month

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier allows local attackers to disclose sensitive information from process memory without user privileges, requiring only that a victim open a malicious document. CVSS 5.5 reflects confidentiality impact with low attack complexity, though no active exploitation or public proof-of-concept has been confirmed at analysis time.

Heap Overflow Buffer Overflow Adobe
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27295 HIGH This Week

Out-of-bounds write in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open specially crafted malicious files. The vulnerability achieves full confidentiality, integrity, and availability impact (CVSS 7.8 HIGH) but requires local access and user interaction, limiting immediate risk. No public exploit identified at time of analysis, and exploitation requires social engineering to deliver the malicious file to victims.

Buffer Overflow RCE Memory Corruption Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27294 HIGH This Week

Out-of-bounds read in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open malicious crafted files. Exploitation requires local access and user interaction (CVSS 7.8, AV:L/UI:R), allowing attackers to execute code with current user privileges and achieve high confidentiality, integrity, and availability impact. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis. Adobe has released security bulletin APSB26-36 addressing this vulnerability.

Buffer Overflow Information Disclosure Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27293 HIGH This Week

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. Attack requires local access and user interaction (CVSS 7.8, AV:L/UI:R), limiting remote exploitation scenarios. No public exploit identified at time of analysis. EPSS data not available, and vulnerability not listed in CISA KEV, suggesting exploitation remains theoretical despite the high CVSS score.

Heap Overflow Buffer Overflow RCE Adobe
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40890 Go HIGH PATCH GHSA This Week

### Summary Processing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. ### Details The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` character anywhere in the remaining text. https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376 If the length of the slice is lower than its capacity, this leads to an extra byte of data read. If the length equals the capacity, this leads to a panic. ### PoC ```golang package main import ( "bytes" "fmt" "github.com/gomarkdown/markdown/html" ) func main() { src := []byte("<a") fmt.Printf("Input: %q (len=%d, cap=%d)\n", src, len(src), cap(src)) var buf bytes.Buffer sp := html.NewSmartypantsRenderer(html.Smartypants) sp.Process(&buf, src) // panics: slice bounds out of range fmt.Printf("Output: %q\n", buf.String()) } ``` ### Impact This vulnerability will lead to a Denial of Service / panic on the processing service. -- The Datadog Security Team

Denial Of Service Information Disclosure Buffer Overflow Red Hat
NVD GitHub HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34631 HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption Incopy
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33020 HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE Libsixel
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33019 HIGH PATCH This Week

Out-of-bounds heap read in libsixel img2sixel via integer overflow allows local attackers to crash the application and potentially leak sensitive memory contents when processing malicious --crop arguments with otherwise valid images. Affects libsixel 1.8.7 and earlier; patched in 1.8.7-r1. EPSS data not available, but exploitation requires local access with user interaction (CVSS AV:L/UI:R). No CISA KEV listing; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33023 HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption Buffer Overflow Use After Free +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27287 HIGH This Week

Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction to open a weaponized document, which then triggers memory disclosure leading to code execution in user context. No public exploit identified at time of analysis. EPSS data not available, but the local-only attack vector and mandatory user interaction substantially reduce real-world risk compared to remotely exploitable flaws.

Buffer Overflow Information Disclosure Incopy
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34630 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with victim's privileges when processing maliciously crafted files. Attack requires local access and user interaction (opening a weaponized file). CVSS 7.8 (High) reflects significant impact but local-only attack vector. No public exploit identified at time of analysis, and exploitation probability remains moderate given the user interaction requirement and local access constraint.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34618 HIGH This Week

Arbitrary code execution in Adobe Illustrator 30.2, 29.8.5 and earlier versions allows unauthenticated local attackers to execute malicious code with current user privileges via crafted file exploitation. The vulnerability requires user interaction (opening a malicious file) but has low attack complexity once delivered. No public exploit identified at time of analysis, with EPSS data unavailable for risk quantification. The out-of-bounds write flaw affects memory management during file parsing operations.

Buffer Overflow RCE Memory Corruption Illustrator
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27313 HIGH This Week

Arbitrary code execution in Adobe Bridge 16.0.2, 15.1.4 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files. CVSS 7.8 (High) with EPSS data not available. No public exploit identified at time of analysis. Exploitation requires victim to open a malicious Bridge file, making this a realistic threat for targeted attacks using phishing or social engineering delivery methods.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27312 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier allows arbitrary code execution with user privileges when processing malicious files. CVSS 7.8 (High) reflects the local attack vector requiring victim interaction to open a crafted file. No public exploit identified at time of analysis, with SSVC framework rating this as non-automatable but capable of total technical impact. Exploitation requires social engineering to deliver the malicious file to the target user.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27311 HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with user privileges when processing maliciously crafted files. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, requiring local access and user interaction. CISA SSVC framework categorizes this as non-automatable with total technical impact. No public exploit identified at time of analysis, and vendor has released security advisory APSB26-39 addressing the vulnerability.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27310 HIGH This Week

Arbitrary code execution via heap-based buffer overflow in Adobe Bridge (versions 16.0.2, 15.1.4 and earlier) allows local attackers to execute code in the user's security context by tricking victims into opening specially crafted malicious files. No public exploit identified at time of analysis, with SSVC assessment indicating no current exploitation, non-automatable attack requiring user interaction, and total technical impact upon successful compromise.

Heap Overflow Buffer Overflow RCE Bridge
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27289 HIGH This Week

Out-of-bounds read in Adobe Photoshop Desktop 27.4 and earlier enables arbitrary code execution when users open malicious files. Attackers can read beyond allocated memory boundaries during file parsing to execute code with current user privileges. CVSS 7.8 (High) reflects local attack vector requiring user interaction. No public exploit identified at time of analysis, though exploitation requires only low complexity once a victim opens the crafted file.

Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34628 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high impact to confidentiality, integrity, and availability when users open malicious files. The vulnerability requires local access and user interaction (opening a crafted document), with no authentication barriers (CVSS PR:N). No public exploit identified at time of analysis, and CISA SSVC framework rates this as non-exploited with total technical impact but not automatable, indicating targeted attack potential rather than mass exploitation risk.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34629 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. No public exploit identified at time of analysis. CVSS 7.8 reflects local attack vector requiring user interaction but no authentication, with complete system compromise potential in user context. EPSS risk data not available; exploitation requires social engineering to deliver malicious InDesign document.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34627 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact when users open malicious files. No public exploit identified at time of analysis. Attack requires local access and user interaction (opening a crafted file), with low attack complexity and no authentication requirements (CVSS:3.1 AV:L/AC:L/PR:N/UI:R). EPSS risk data not available; vulnerability enables complete system compromise in user context.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27258 MEDIUM This Month

Out-of-bounds write in Adobe DNG SDK 1.7.1 2502 and earlier causes application denial-of-service through memory corruption when processing malicious DNG files. The vulnerability requires user interaction (opening a crafted file) and affects local attackers on systems where DNG SDK is deployed; no public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Memory Corruption Dng Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32203 HIGH PATCH Exploit Unlikely This Week

Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.

Stack Overflow Buffer Overflow Net 10 0 Net 8 0 Net 9 0 +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32076 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Storage Spaces Controller (Windows 11 22H2-26H1, Server 2022-2025) enables low-privileged authenticated users to gain SYSTEM-level access via out-of-bounds read exploitation. CVSS 7.8 (High). No public exploit identified at time of analysis, but ENISA EUVD tracking indicates European regulatory attention. Vendor-released patches available for all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27930 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26184 HIGH PATCH Exploit Unlikely This Week

Windows Projected File System buffer over-read allows authenticated local attackers with low privileges to escalate to high integrity, potentially achieving SYSTEM-level access across Windows 10, Windows 11, and Windows Server platforms. This CWE-126 memory disclosure vulnerability scores 7.8 CVSS with straightforward exploitation (low complexity, no user interaction), affecting extensive Windows infrastructure from legacy 1809 through current 26H1 builds. No public exploit identified at time of

Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26176 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Client Side Caching driver (csc.sys) allows authenticated users with low privileges to gain SYSTEM-level access via heap-based buffer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). Vendor-released patches are available from Microsoft as of early 2026. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) and no user interaction requirement (

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26169 MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel Memory allows authenticated local attackers to disclose sensitive kernel information with high confidence. CVE-2026-26169 affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016 through 2025. The vulnerability requires local access and low-level user privileges but does not enable privilege escalation or code execution. Microsoft has released vendor patches addressing the issue across all affected versions.

Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-26156 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Hyper-V enables local code execution with high impact across Windows 10, Windows 11, and Windows Server environments. An unauthenticated attacker with local access can trigger the vulnerability through user interaction (CVSS:3.1 AV:L/AC:L/PR:N/UI:R), achieving full system compromise (C:H/I:H/A:H). Microsoft has released patches addressing 17 affected Windows versions ranging from legacy Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. No publ

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26153 HIGH PATCH Exploit Unlikely This Week

Out-of-bounds read in Windows Encrypting File System (EFS) enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2019/2022/2025. The vulnerability (CWE-125) requires local access and low-level privileges but no user interaction, yielding complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). Vendor-released patches are available

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33822 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Word enables local information disclosure when a user opens a malicious document, affecting Microsoft 365 Apps for Enterprise and Office LTSC for Mac 2021/2024. The vulnerability requires user interaction (document opening) but does not require elevated privileges, with a CVSS score of 6.1 reflecting moderate severity. Microsoft has released patches addressing this issue across affected product lines.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33096 HIGH PATCH Exploit Unlikely This Week

Denial of service in Windows HTTP.sys kernel-mode driver allows unauthenticated remote attackers to crash affected systems via malformed HTTP requests. Affects all currently supported Windows 11 versions (22H2 through 26H1) and Windows Server 2022/2025 editions. The vulnerability stems from an out-of-bounds read (CWE-125) triggered when HTTP.sys processes specially crafted network packets without authentication (CVSS AV:N/PR:N). Vendor-released patches available for all affected versions with specific build numbers identified. No public exploit identified at time of analysis, though low attack complexity (AC:L) suggests straightforward exploitation once technical details emerge.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32223 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows USB Print Driver allows local privilege escalation via physical device access. Affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, with patch available from Microsoft. Attack requires physical USB access and no user interaction; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-32221 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Graphics Component across Windows 11 24H2/25H2/26H1 and Server 2025 enables unauthenticated local attackers to execute arbitrary code with high integrity via heap-based buffer overflow exploitation. CVSS 8.4 (High) reflects low attack complexity and no user interaction requirement, though local access is necessary. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, but the low complexity (AC:L) and no-auth requirement (PR:N) make this highly attractive for post-compromise escalation.

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32195 HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.

Stack Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32188 HIGH PATCH Exploit Unlikely This Week

Out-of-bounds read vulnerability (CWE-125) in Microsoft Excel allows local attackers to disclose sensitive memory contents and cause denial of service through maliciously crafted spreadsheet files with user interaction. Affects Microsoft Office 2016/2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office Online Server across Windows and macOS platforms. CVSS 7.1 reflects high confidentiality and availability impact with low attack complexity but requires local access and user interaction. No public exploit identified at time of analysis. Vendor-released patches available through Microsoft Security Response Center covering all affected Office product lines.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-32087 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Windows Function Discovery Service (fdwsd.dll) enables low-privileged authenticated local attackers to escalate privileges to SYSTEM across Windows 10, Windows 11, and Windows Server 2012-2025. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis, though the CVSS vector indicates local access with high attack complexity (AC:H), requiring authenticated low-privilege users (PR:L). A

Heap Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27931 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI (Graphics Device Interface) allows local attackers to disclose sensitive information without authentication. The vulnerability affects Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022/2025, requiring user interaction to trigger. Microsoft has released patches for all affected versions, with specific build numbers provided for remediation.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26180 HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in the Windows Kernel enables local privilege escalation to SYSTEM on Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server (2012 through 2025). Authenticated local attackers with low privileges can exploit this memory corruption vulnerability to gain complete system control. Microsoft has released patches addressing 21 affected product versions. No public exploit identified at time of analysis, though the local attack vec

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26155 MEDIUM PATCH Exploit Unlikely This Month

Microsoft Local Security Authority Subsystem Service (LSASS) information disclosure vulnerability allows authenticated network attackers to read sensitive memory contents via a bounds check bypass in the LSASS process. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025. No public exploit code or active exploitation has been reported; vendor-released patches are available across all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27284 HIGH This Week

Out-of-bounds read in Adobe InDesign Desktop versions 20.5.2, 21.2, and earlier enables arbitrary code execution when users open malicious files. Attack requires local access and user interaction (CVSS AV:L/UI:R) but no authentication (PR:N), allowing attackers with file delivery capability to execute code as the victim user. No public exploit identified at time of analysis, though the vulnerability class (CWE-125 out-of-bounds read) is well-understood and commonly weaponized in document processors.

Buffer Overflow Information Disclosure Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27285 MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows local attackers to cause application denial-of-service by crafting malicious files that trigger memory corruption when opened. This vulnerability requires user interaction to exploit and does not enable code execution or data compromise, making it primarily a disruption vector rather than a critical attack surface despite its moderate CVSS score of 5.5.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27286 MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 21.2 and earlier allows local attackers to disclose sensitive information from memory without authentication, requiring only user interaction to open a malicious file. The vulnerability has a CVSS score of 5.5 with high confidentiality impact but no integrity or availability impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27238 HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact. Attack requires local access and user interaction (victim opens malicious InDesign file), with low attack complexity and no authentication barriers. CVSS 7.8 reflects significant impact once social engineering succeeds. No CISA KEV listing indicates no confirmed active exploitation at time of analysis. Adobe has published security advisory APSB26-32 addressing this vulnerability.

Buffer Overflow RCE Heap Overflow Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27291 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions through 21.2 allows unauthenticated attackers to execute malicious code with full user privileges by exploiting an out-of-bounds write vulnerability via a specially crafted InDesign file. Attack requires local access and user interaction to open the malicious document. No public exploit identified at time of analysis, though CVSS 7.8 reflects high impact if successfully exploited. Adobe has released security bulletin APSB26-32 addressing this memory corruption flaw.

Buffer Overflow RCE Memory Corruption Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22828 HIGH This Week

Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.

Buffer Overflow Fortinet RCE Heap Overflow
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-5713 MEDIUM PATCH This Month

Memory corruption in Python's asyncio introspection and profiling.sampling modules (3.14-3.15) allows a local attacker with high privileges to read and write arbitrary memory in a connected privileged Python process via remote debugging. Exploitation requires persistent, repeated connections and high tolerance for crashes due to ASLR; no public exploit code has been identified. SSVC framework rates technical impact as total, but exploitation remains none-indicating low real-world priority despite severe capability impact.

Buffer Overflow Stack Overflow Python
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40164 HIGH PATCH This Week

Algorithmic complexity attack in jq JSON processor allows remote denial of service via hash collision exploitation. An attacker can craft a ~100KB JSON object with precomputed colliding keys that degrade hash table performance from O(1) to O(n²), causing severe CPU exhaustion in unauthenticated network contexts including CI/CD pipelines and web services. The vulnerability stems from a hardcoded MurmurHash3 seed (0x432A9843) that enables offline collision calculation. Fixed in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784. CVSS 7.5 (High severity, network-exploitable, no authentication required). No public exploit identified at time of analysis, but attack technique is well-documented and feasible.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 3.5
LOW Monitor

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical USB access to crash the library via malformed PTP protocol data from untrusted camera devices, affecting applications using libgphoto2 for camera enumeration and control on desktop systems.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a USB-connected camera to trigger information disclosure or denial of service via malformed PTP protocol data during Samsung Galaxy device enumeration. The vulnerability exists in `ptp_unpack_OI()` which validates buffer boundaries at 48 bytes but subsequently reads up to 56 bytes, exceeding the boundary by 9 bytes. A fix is available in commit 7c7f515bc88c3d0c4098ac965d313518e0ccbe33.

Samsung Information Disclosure Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a connected camera to read sensitive memory and potentially cause denial of service via a specially crafted Sony camera device. The vulnerability exists in the Sony-specific PTP packet unpacking function which omits bounds validation present in the standard variant, enabling attackers with direct camera access to trigger information disclosure and minor availability impact.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows physical attackers to disclose sensitive memory and cause denial of service via a malicious PTP (Picture Transfer Protocol) device. The vulnerability exists in the Sony-specific DPD unpacking function, which fails to validate buffer boundaries before reading an enumeration count, enabling attackers with direct device access to craft responses that trigger the out-of-bounds read. Patch is available via upstream commit 3b9f9696be76ae51dca983d9dd8ce586a2561845.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 in the PTP protocol parser allows information disclosure and potential denial of service when processing specially crafted camera responses. The vulnerability exists in ptp_unpack_DPV() where UINT128 and INT128 cases advance the buffer offset by 16 bytes without verifying sufficient buffer remains available, potentially exposing adjacent memory. Exploitation requires physical access to connect a malicious camera device (AV:P), but no special authentication or user interaction is needed once connected. No public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Missing null terminator in libgphoto2's ptp_unpack_Canon_FE() function allows out-of-bounds memory reads when processing Canon camera filenames. Versions up to 2.5.33 are vulnerable when a 13-byte filename without null termination is supplied, causing subsequent string operations to read beyond buffer boundaries. The vulnerability requires physical camera access and results in information disclosure or denial of service, not remote code execution.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a connected camera to read sensitive information from process memory or cause denial of service via malformed EOS event data. Two functions in ptp-pack.c lack length validation, enabling unbounded buffer reads when processing camera events. The vulnerability requires physical device access and is not remotely exploitable, with no public exploit code identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows remote code execution after authentication via malicious EGFX graphics channel PDUs. Authenticated attackers can exploit insufficient validation of client-controlled size parameters to write beyond allocated heap buffers. Unauthenticated attackers can only trigger denial-of-service crashes. Vendor-released patch available in version 0.10.6. No active exploitation confirmed (not in CISA KEV), but heap overflows in remote services are high-value targets. Default non-privileged execution since 0.10.2 limits post-compromise impact.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Out-of-bounds read in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to crash the RDP service or disclose memory contents during pre-authentication message parsing. The vulnerability (CWE-125) exploits insufficient buffer length validation in dynamic channel communication handling, affecting default installations exposed to network access. Fixed in version 0.10.6 per vendor advisory GHSA-92mr-6wpp-27jj. CVSS 8.7 reflects high availability impact; no active exploitation confirmed in CISA KEV at time of analysis, though public disclosure increases risk for internet-facing xrdp deployments.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to cause denial of service or memory corruption when the domain_user_separator configuration directive is explicitly enabled in xrdp.ini. An attacker sends a crafted RDP logon request with an excessively long username and domain name combination that overflows an internal buffer, corrupting adjacent memory regions. The vulnerability requires non-default configuration (domain_user_separator must be uncommented) and affects only systems with this setting enabled. Vendor-released patch: version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Firebird RDBMS allows remote unauthenticated attackers to crash database servers via malformed slice packets. Affects Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 across all three maintained major release branches. The xdr_datum() deserialization function fails to validate cstring lengths against slice descriptor bounds during packet processing, enabling heap buffer overflow. CVSS 7.5 (High) with network attack vector and no authentication required. EPSS data not available, no KEV listing identified, but public vendor advisory and tagged releases confirm the issue and provide specific fix versions.

Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).

Buffer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.

Heap Overflow Buffer Overflow Libvips
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation, but real-world risk is mitigated by the non-default configuration requirement. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CWE-787 (out-of-bounds write) primitives are well-understood by attackers.

Denial Of Service Memory Corruption Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them against actual buffer boundaries. All primitive decoders are affected: ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE. Additionally, ber_decode_INTEGER can produce integer underflows when the encoded length is zero. An attacker supplying a malformed BER-encoded cryptographic object through PKCS#11 operations such as C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication can trigger out-of-bounds reads. This affects all token backends (Soft, ICA, CCA, TPM, EP11, ICSF) since the vulnerable code is in the shared common library. A patch is available thorugh commit ed378f463ef73364c89feb0fc923f4dc867332a3.

Information Disclosure Buffer Overflow Opencryptoki
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.

Stack Overflow Buffer Overflow Ngtcp2
NVD GitHub VulDB
EPSS 0% CVSS 1.7
LOW PATCH Monitor

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Buffer Overflow Zlib
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

ONLYOFFICE DocumentServer before 9.3.0 contains an untrusted pointer dereference vulnerability in XLS file processing that enables authenticated remote attackers to leak sensitive memory and bypass ASLR protections. The vulnerability affects XLS conversion workflows through multiple vectors including pictFmla.cbBufInCtlStm manipulation, allowing information disclosure without requiring user interaction. CVSS 5.0 reflects moderate risk given network accessibility and the authentication barrier, though the scope change to CVSS:C indicates potential cross-boundary impact.

Information Disclosure Buffer Overflow Onlyoffice Documentserver
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Integer overflow in FFmpeg's CENC subsample data parsing (libavformat/mov.c) before version 8.1 enables out-of-bounds memory writes on local systems processing specially crafted MP4 files. The vulnerability requires attacker-controlled media file input and non-default system configuration, limiting exploitation to local contexts; no active exploitation or public exploit code has been identified. With a CVSS score of 4.9 and low attack complexity requirement, this represents a moderate local integrity and confidentiality risk primarily affecting users who process untrusted video files from untrusted sources.

Integer Overflow Buffer Overflow Ffmpeg
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

Information Disclosure Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Microsoft Google Heap Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in Google Chrome's media component (versions prior to 147.0.7727.101) enables remote code execution when attackers convince users to perform specific UI interactions on a malicious HTML page. Google rated this high severity and released Chrome 147.0.7727.101 as a fix. No active exploitation confirmed via CISA KEV at time of analysis, though CVSS 7.5 reflects significant impact if user interaction prerequisite is met. The UI gesture requirement and high attack complexity (AC:H) reduce automated exploitation risk compared to interaction-free vulnerabilities.

Information Disclosure Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Google Chrome's PDFium library (versions prior to 147.0.7727.101) enables remote code execution within the Chrome sandbox when a victim opens a malicious PDF file. Despite CVSS 8.8 severity, exploitation requires user interaction (opening a crafted PDF) and is confined to the sandbox, limiting system-level impact. Vendor patch available in Chrome 147.0.7727.101. No active exploitation confirmed (not in CISA KEV), no public POC identified at time of analysis. EPSS data not provided.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 6 +3
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 6 +3
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).

Denial Of Service Buffer Overflow Red Hat +1
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows-based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

HP RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.

Stack Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Out-of-bounds write in FortiWeb administrative interface enables authenticated remote code execution on web application firewall appliances. Affects FortiWeb 7.4.0-7.4.11, 7.6.0-7.6.6, and 8.0.0-8.0.3. CVSS 7.2 indicates high-privilege authenticated network attack with low complexity. No public exploit identified at time of analysis, though the incomplete advisory description ('<insert attack vector here>') suggests disclosure may be pending or sanitized. Memory corruption class (CWE-787) typically enables arbitrary code execution, confirmed by CVSS impact ratings (High C/I/A). EPSS data not available for risk probability assessment.

Buffer Overflow Memory Corruption Fortinet
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier allows local attackers to disclose sensitive information from process memory without user privileges, requiring only that a victim open a malicious document. CVSS 5.5 reflects confidentiality impact with low attack complexity, though no active exploitation or public proof-of-concept has been confirmed at analysis time.

Heap Overflow Buffer Overflow Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds write in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open specially crafted malicious files. The vulnerability achieves full confidentiality, integrity, and availability impact (CVSS 7.8 HIGH) but requires local access and user interaction, limiting immediate risk. No public exploit identified at time of analysis, and exploitation requires social engineering to deliver the malicious file to victims.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution when users open malicious crafted files. Exploitation requires local access and user interaction (CVSS 7.8, AV:L/UI:R), allowing attackers to execute code with current user privileges and achieve high confidentiality, integrity, and availability impact. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis. Adobe has released security bulletin APSB26-36 addressing this vulnerability.

Buffer Overflow Information Disclosure Adobe
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe FrameMaker 2022.8 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. Attack requires local access and user interaction (CVSS 7.8, AV:L/UI:R), limiting remote exploitation scenarios. No public exploit identified at time of analysis. EPSS data not available, and vulnerability not listed in CISA KEV, suggesting exploitation remains theoretical despite the high CVSS score.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

### Summary Processing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. ### Details The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` character anywhere in the remaining text. https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376 If the length of the slice is lower than its capacity, this leads to an extra byte of data read. If the length equals the capacity, this leads to a panic. ### PoC ```golang package main import ( "bytes" "fmt" "github.com/gomarkdown/markdown/html" ) func main() { src := []byte("<a") fmt.Printf("Input: %q (len=%d, cap=%d)\n", src, len(src), cap(src)) var buf bytes.Buffer sp := html.NewSmartypantsRenderer(html.Smartypants) sp.Process(&buf, src) // panics: slice bounds out of range fmt.Printf("Output: %q\n", buf.String()) } ``` ### Impact This vulnerability will lead to a Denial of Service / panic on the processing service. -- The Datadog Security Team

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub HeroDevs
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds heap read in libsixel img2sixel via integer overflow allows local attackers to crash the application and potentially leak sensitive memory contents when processing malicious --crop arguments with otherwise valid images. Affects libsixel 1.8.7 and earlier; patched in 1.8.7-r1. EPSS data not available, but exploitation requires local access with user interaction (CVSS AV:L/UI:R). No CISA KEV listing; no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in libsixel's gdk-pixbuf2 loader enables local attackers to achieve code execution via crafted images. Affects libsixel versions through 1.8.7 when compiled with --with-gdk-pixbuf2 option. The vulnerability stems from inconsistent memory management in load_with_gdkpixbuf(), which manually frees reference-counted frame objects, leaving dangling pointers that callbacks can access post-cleanup. CVSS 7.8 (High) with local attack vector requiring user interaction. Fixed in version 1.8.7-r1. No confirmed active exploitation (CISA KEV), though proof-of-concept feasibility is high given the deterministic nature of the memory corruption.

Information Disclosure RCE Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction to open a weaponized document, which then triggers memory disclosure leading to code execution in user context. No public exploit identified at time of analysis. EPSS data not available, but the local-only attack vector and mandatory user interaction substantially reduce real-world risk compared to remotely exploitable flaws.

Buffer Overflow Information Disclosure Incopy
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with victim's privileges when processing maliciously crafted files. Attack requires local access and user interaction (opening a weaponized file). CVSS 7.8 (High) reflects significant impact but local-only attack vector. No public exploit identified at time of analysis, and exploitation probability remains moderate given the user interaction requirement and local access constraint.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Illustrator 30.2, 29.8.5 and earlier versions allows unauthenticated local attackers to execute malicious code with current user privileges via crafted file exploitation. The vulnerability requires user interaction (opening a malicious file) but has low attack complexity once delivered. No public exploit identified at time of analysis, with EPSS data unavailable for risk quantification. The out-of-bounds write flaw affects memory management during file parsing operations.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Bridge 16.0.2, 15.1.4 and earlier allows local attackers to execute malicious code with current user privileges through specially crafted files. CVSS 7.8 (High) with EPSS data not available. No public exploit identified at time of analysis. Exploitation requires victim to open a malicious Bridge file, making this a realistic threat for targeted attacks using phishing or social engineering delivery methods.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier allows arbitrary code execution with user privileges when processing malicious files. CVSS 7.8 (High) reflects the local attack vector requiring victim interaction to open a crafted file. No public exploit identified at time of analysis, with SSVC framework rating this as non-automatable but capable of total technical impact. Exploitation requires social engineering to deliver the malicious file to the target user.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Bridge 16.0.2, 15.1.4, and earlier versions enables arbitrary code execution with user privileges when processing maliciously crafted files. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, requiring local access and user interaction. CISA SSVC framework categorizes this as non-automatable with total technical impact. No public exploit identified at time of analysis, and vendor has released security advisory APSB26-39 addressing the vulnerability.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution via heap-based buffer overflow in Adobe Bridge (versions 16.0.2, 15.1.4 and earlier) allows local attackers to execute code in the user's security context by tricking victims into opening specially crafted malicious files. No public exploit identified at time of analysis, with SSVC assessment indicating no current exploitation, non-automatable attack requiring user interaction, and total technical impact upon successful compromise.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in Adobe Photoshop Desktop 27.4 and earlier enables arbitrary code execution when users open malicious files. Attackers can read beyond allocated memory boundaries during file parsing to execute code with current user privileges. CVSS 7.8 (High) reflects local attack vector requiring user interaction. No public exploit identified at time of analysis, though exploitation requires only low complexity once a victim opens the crafted file.

Buffer Overflow Information Disclosure Photoshop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high impact to confidentiality, integrity, and availability when users open malicious files. The vulnerability requires local access and user interaction (opening a crafted document), with no authentication barriers (CVSS PR:N). No public exploit identified at time of analysis, and CISA SSVC framework rates this as non-exploited with total technical impact but not automatable, indicating targeted attack potential rather than mass exploitation risk.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high integrity and confidentiality impact when users open specially crafted malicious files. No public exploit identified at time of analysis. CVSS 7.8 reflects local attack vector requiring user interaction but no authentication, with complete system compromise potential in user context. EPSS risk data not available; exploitation requires social engineering to deliver malicious InDesign document.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact when users open malicious files. No public exploit identified at time of analysis. Attack requires local access and user interaction (opening a crafted file), with low attack complexity and no authentication requirements (CVSS:3.1 AV:L/AC:L/PR:N/UI:R). EPSS risk data not available; vulnerability enables complete system compromise in user context.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds write in Adobe DNG SDK 1.7.1 2502 and earlier causes application denial-of-service through memory corruption when processing malicious DNG files. The vulnerability requires user interaction (opening a crafted file) and affects local attackers on systems where DNG SDK is deployed; no public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Memory Corruption Dng Sdk
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service via stack buffer overflow in .NET (versions 8.0, 9.0, 10.0) and Visual Studio 2022 (versions 17.12, 17.14) allows unauthenticated remote attackers to crash affected applications over the network. The vulnerability has a CVSS score of 7.5 (High) with low attack complexity and no privileges required. Vendor-released patches are available from Microsoft (MSRC). No public exploit identified at time of analysis, and the issue is not confirmed actively exploited.

Stack Overflow Buffer Overflow Net 10 0 +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Storage Spaces Controller (Windows 11 22H2-26H1, Server 2022-2025) enables low-privileged authenticated users to gain SYSTEM-level access via out-of-bounds read exploitation. CVSS 7.8 (High). No public exploit identified at time of analysis, but ENISA EUVD tracking indicates European regulatory attention. Vendor-released patches available for all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI allows local unauthenticated attackers to disclose sensitive information with user interaction. The vulnerability affects Windows 10 versions 1607, 1809, 21H2, and 22H2, all Windows 11 versions from 22H3 through 26H1, and Windows Server 2012 through 2025. No public exploit code or active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Windows Projected File System buffer over-read allows authenticated local attackers with low privileges to escalate to high integrity, potentially achieving SYSTEM-level access across Windows 10, Windows 11, and Windows Server platforms. This CWE-126 memory disclosure vulnerability scores 7.8 CVSS with straightforward exploitation (low complexity, no user interaction), affecting extensive Windows infrastructure from legacy 1809 through current 26H1 builds. No public exploit identified at time of

Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Client Side Caching driver (csc.sys) allows authenticated users with low privileges to gain SYSTEM-level access via heap-based buffer overflow exploitation. Affects all supported Windows 10, Windows 11, and Windows Server versions (2012 through 2025). Vendor-released patches are available from Microsoft as of early 2026. No public exploit identified at time of analysis, though the straightforward attack complexity (AC:L) and no user interaction requirement (

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel Memory allows authenticated local attackers to disclose sensitive kernel information with high confidence. CVE-2026-26169 affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2016 through 2025. The vulnerability requires local access and low-level user privileges but does not enable privilege escalation or code execution. Microsoft has released vendor patches addressing the issue across all affected versions.

Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Windows Hyper-V enables local code execution with high impact across Windows 10, Windows 11, and Windows Server environments. An unauthenticated attacker with local access can trigger the vulnerability through user interaction (CVSS:3.1 AV:L/AC:L/PR:N/UI:R), achieving full system compromise (C:H/I:H/A:H). Microsoft has released patches addressing 17 affected Windows versions ranging from legacy Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. No publ

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Out-of-bounds read in Windows Encrypting File System (EFS) enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2019/2022/2025. The vulnerability (CWE-125) requires local access and low-level privileges but no user interaction, yielding complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). Vendor-released patches are available

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office Word enables local information disclosure when a user opens a malicious document, affecting Microsoft 365 Apps for Enterprise and Office LTSC for Mac 2021/2024. The vulnerability requires user interaction (document opening) but does not require elevated privileges, with a CVSS score of 6.1 reflecting moderate severity. Microsoft has released patches addressing this issue across affected product lines.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in Windows HTTP.sys kernel-mode driver allows unauthenticated remote attackers to crash affected systems via malformed HTTP requests. Affects all currently supported Windows 11 versions (22H2 through 26H1) and Windows Server 2022/2025 editions. The vulnerability stems from an out-of-bounds read (CWE-125) triggered when HTTP.sys processes specially crafted network packets without authentication (CVSS AV:N/PR:N). Vendor-released patches available for all affected versions with specific build numbers identified. No public exploit identified at time of analysis, though low attack complexity (AC:L) suggests straightforward exploitation once technical details emerge.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows USB Print Driver allows local privilege escalation via physical device access. Affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, with patch available from Microsoft. Attack requires physical USB access and no user interaction; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Graphics Component across Windows 11 24H2/25H2/26H1 and Server 2025 enables unauthenticated local attackers to execute arbitrary code with high integrity via heap-based buffer overflow exploitation. CVSS 8.4 (High) reflects low attack complexity and no user interaction requirement, though local access is necessary. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, but the low complexity (AC:L) and no-auth requirement (PR:N) make this highly attractive for post-compromise escalation.

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Stack-based buffer overflow in the Windows Kernel enables low-privileged local attackers to escalate to SYSTEM privileges on Windows 11 version 26H1 (build 10.0.28000.0 through 10.0.28000.1835). Despite CVSS 7.0 (High), the attack complexity is high (AC:H) and requires local access with low-level privileges (PR:L). Vendor-released patch available via Microsoft Security Response Center (build 10.0.28000.1836). No public exploit identified at time of analysis, though CWE-121 stack overflows are well-understood vulnerability classes with established exploitation techniques.

Stack Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Out-of-bounds read vulnerability (CWE-125) in Microsoft Excel allows local attackers to disclose sensitive memory contents and cause denial of service through maliciously crafted spreadsheet files with user interaction. Affects Microsoft Office 2016/2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, and Office Online Server across Windows and macOS platforms. CVSS 7.1 reflects high confidentiality and availability impact with low attack complexity but requires local access and user interaction. No public exploit identified at time of analysis. Vendor-released patches available through Microsoft Security Response Center covering all affected Office product lines.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Windows Function Discovery Service (fdwsd.dll) enables low-privileged authenticated local attackers to escalate privileges to SYSTEM across Windows 10, Windows 11, and Windows Server 2012-2025. Vendor-released patch available per Microsoft Security Response Center advisory. No public exploit identified at time of analysis, though the CVSS vector indicates local access with high attack complexity (AC:H), requiring authenticated low-privilege users (PR:L). A

Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows GDI (Graphics Device Interface) allows local attackers to disclose sensitive information without authentication. The vulnerability affects Windows 10 versions 21H2 and 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2022/2025, requiring user interaction to trigger. Microsoft has released patches for all affected versions, with specific build numbers provided for remediation.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in the Windows Kernel enables local privilege escalation to SYSTEM on Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server (2012 through 2025). Authenticated local attackers with low privileges can exploit this memory corruption vulnerability to gain complete system control. Microsoft has released patches addressing 21 affected product versions. No public exploit identified at time of analysis, though the local attack vec

Heap Overflow Buffer Overflow Microsoft
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Microsoft Local Security Authority Subsystem Service (LSASS) information disclosure vulnerability allows authenticated network attackers to read sensitive memory contents via a bounds check bypass in the LSASS process. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025. No public exploit code or active exploitation has been reported; vendor-released patches are available across all affected versions.

Buffer Overflow Information Disclosure Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in Adobe InDesign Desktop versions 20.5.2, 21.2, and earlier enables arbitrary code execution when users open malicious files. Attack requires local access and user interaction (CVSS AV:L/UI:R) but no authentication (PR:N), allowing attackers with file delivery capability to execute code as the victim user. No public exploit identified at time of analysis, though the vulnerability class (CWE-125 out-of-bounds read) is well-understood and commonly weaponized in document processors.

Buffer Overflow Information Disclosure Indesign Desktop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows local attackers to cause application denial-of-service by crafting malicious files that trigger memory corruption when opened. This vulnerability requires user interaction to exploit and does not enable code execution or data compromise, making it primarily a disruption vector rather than a critical attack surface despite its moderate CVSS score of 5.5.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in Adobe InDesign Desktop versions 21.2 and earlier allows local attackers to disclose sensitive information from memory without authentication, requiring only user interaction to open a malicious file. The vulnerability has a CVSS score of 5.5 with high confidentiality impact but no integrity or availability impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow Heap Overflow Indesign Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe InDesign Desktop 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact. Attack requires local access and user interaction (victim opens malicious InDesign file), with low attack complexity and no authentication barriers. CVSS 7.8 reflects significant impact once social engineering succeeds. No CISA KEV listing indicates no confirmed active exploitation at time of analysis. Adobe has published security advisory APSB26-32 addressing this vulnerability.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions through 21.2 allows unauthenticated attackers to execute malicious code with full user privileges by exploiting an out-of-bounds write vulnerability via a specially crafted InDesign file. Attack requires local access and user interaction to open the malicious document. No public exploit identified at time of analysis, though CVSS 7.8 reflects high impact if successfully exploited. Adobe has released security bulletin APSB26-32 addressing this memory corruption flaw.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.

Buffer Overflow Fortinet RCE +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory corruption in Python's asyncio introspection and profiling.sampling modules (3.14-3.15) allows a local attacker with high privileges to read and write arbitrary memory in a connected privileged Python process via remote debugging. Exploitation requires persistent, repeated connections and high tolerance for crashes due to ASLR; no public exploit code has been identified. SSVC framework rates technical impact as total, but exploitation remains none-indicating low real-world priority despite severe capability impact.

Buffer Overflow Stack Overflow Python
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Algorithmic complexity attack in jq JSON processor allows remote denial of service via hash collision exploitation. An attacker can craft a ~100KB JSON object with precomputed colliding keys that degrade hash table performance from O(1) to O(n²), causing severe CPU exhaustion in unauthenticated network contexts including CI/CD pipelines and web services. The vulnerability stems from a hardcoded MurmurHash3 seed (0x432A9843) that enables offline collision calculation. Fixed in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784. CVSS 7.5 (High severity, network-exploitable, no authentication required). No public exploit identified at time of analysis, but attack technique is well-documented and feasible.

Buffer Overflow
NVD GitHub VulDB
Prev Page 28 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy