Skip to main content

Buffer Overflow

36085 CVEs technique

Monthly

CVE-2026-50388 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50428 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-50355 HIGH PATCH Exploit Unlikely This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash or render the federation service unavailable by triggering a stack-based buffer overflow over the network. The flaw affects the AD FS role across Windows Server 2012 through 2025 (including Server Core installations) and carries a CVSS 7.5 rating driven entirely by availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +10
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-50375 MEDIUM PATCH Exploit Likely This Month

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
6.3
EPSS
1.5%
CVE-2026-50377 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-50330 HIGH PATCH This Week

Denial-of-service (and possible privilege-elevation) heap-based buffer overflow in the Microsoft Windows Remote Desktop Client is reachable over the network, with Microsoft's CVSS vector recording only an availability impact (A:H) despite the description's 'elevate privileges' wording. A patch is available from Microsoft (MSRC update guide), the flaw was reported by Microsoft itself, and there is no public exploit identified at time of analysis. Affected platforms span the full supported Windows client and server line, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-50347 HIGH PATCH This Week

Local code execution in Microsoft Windows arises from a heap-based buffer overflow in a Windows Data DLL, letting an attacker who can get a victim to open crafted content run arbitrary code with the victim's privileges. Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft (the reporter) has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50370 HIGH PATCH NEWS Exploit Likely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated, adjacent-network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in DHCP message parsing. Affected systems span Windows Server 2012 through Windows Server 2025 (including Server Core installations) plus the DHCP service on Windows 10 versions 1607 and 1809, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50407 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Resilient File System (ReFS) driver allows an authenticated attacker to run code with SYSTEM-level privileges by triggering a heap-based buffer overflow. The flaw (CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds and carries high confidentiality, integrity, and availability impact. It is a Microsoft-reported issue with a vendor patch available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50341 MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-50327 HIGH PATCH NEWS Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50380 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2026-50313 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver (heap-based buffer overflow, CWE-122) allows an attacker to run arbitrary code with the privileges of the exploited context. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. CVSS 7.8 with high confidentiality, integrity, and availability impact; exploitation requires local access and user interaction, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50368 HIGH PATCH This Week

Remote denial of service in Microsoft Active Directory Federation Services (ADFS) allows an unauthenticated network attacker to crash the service via a stack-based buffer overflow (CWE-121). The flaw affects the ADFS role across Windows Server 2012 through 2025 (and the underlying Windows 10 1607/1809 servicing components), carries a CVSS 7.5 availability-only score, and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +10
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-50309 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS arises from a heap-based buffer overflow (CWE-122) that an authorized, low-privileged local user can trigger to run arbitrary code and elevate to SYSTEM. The flaw spans a broad Windows footprint from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.8 (High).

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50400 HIGH PATCH This Week

Local privilege escalation in Windows App Installer (the MSIX/AppX package deployment component, msixbundle/App Installer) lets an already-authenticated low-privileged user overflow a stack buffer to gain higher privileges on affected Windows 10, Windows 11, and Windows Server builds. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) rating reflects a locally-launched attack with high confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50386 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS file system driver lets an unauthorized attacker run arbitrary code by tricking a user into interacting with specially crafted content, per Microsoft's MSRC advisory. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and full-CIA impact make it a meaningful local code-execution risk.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50412 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver allows an authenticated attacker to run code with elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121). The flaw was reported by Microsoft and affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (High).

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50304 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. Because AD FS commonly fronts single sign-on for Microsoft 365, SaaS, and internal web applications, a successful crash can knock out federated authentication for an entire organization. No public exploit identified at time of analysis, and the flaw is availability-only — confidentiality and integrity are not impacted per the CVSS vector.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2012 +10
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2026-50363 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WNS/WpnService) lets an already-authenticated low-privileged user overwrite adjacent heap memory to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2-26H1), and Windows Server 2012 R2 through 2025. Microsoft reported the flaw and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered, but exploitation requires prior local access.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50372 HIGH PATCH This Week

Local privilege escalation in the Windows Redirected Drive Buffering Subsystem (RDBSS) lets an authenticated low-privileged attacker read memory beyond an allocated buffer to elevate to higher privileges. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, Windows Server 2012 through Server 2025) and carries a CVSS 7.0 (High) rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50332 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets a low-privileged, authenticated attacker gain SYSTEM-level control by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad platform range from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025, and was reported internally by Microsoft. No public exploit is identified at time of analysis and it is not in CISA KEV, but the ubiquity of the affected component plus full high impact on confidentiality, integrity, and availability make it a meaningful patch priority.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50298 MEDIUM PATCH This Month

Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-50318 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) allows an authenticated low-privileged user to gain elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121) in the ReFS driver. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49804 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +15
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2026-49800 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery Protocol (WPAD) component lets an already-authenticated local user run code with SYSTEM-level rights by triggering an integer overflow (CWE-190). The flaw affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and high triad impact make it a meaningful patch-tier issue.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50299 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-49797 HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS driver (CVE-2026-49797) allows an attacker with local access to run arbitrary code by tricking a user into interacting with a maliciously crafted NTFS artifact, exploiting a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-49796 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Windows GDI+ (the Graphics Device Interface Plus rendering component) affects a broad range of Microsoft Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. An attacker who convinces a user to open or preview a specially crafted image or document triggers a heap-based buffer overflow (CWE-122) during graphics parsing, yielding arbitrary code execution in the context of the current user. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but GDI+ image-parsing flaws are historically attractive to attackers.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-49794 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2026-49793 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via arbitrary code execution in Microsoft Windows Resilient File System (ReFS) affects a broad range of Windows 10, Windows 11, and Windows Server (2016-2025) builds. An authorized (low-privileged) attacker who can trigger the vulnerable heap allocation path can corrupt heap memory (CWE-122) to run code in the security context of the ReFS driver, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49789 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows NTFS driver allows an already-authenticated, low-privileged user to gain elevated (likely SYSTEM) privileges by triggering a stack-based buffer overflow, contingent on user interaction. The flaw spans a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has issued a patch and reported the issue itself; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-49184 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) stems from a heap-based buffer overflow (CWE-122) that lets a local attacker run arbitrary code with high confidentiality, integrity, and availability impact. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but NTFS's role as the default Windows filesystem makes the exposed surface extremely wide.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-49178 HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an authenticated network attacker to run arbitrary code on domain controllers by triggering a heap-based buffer overflow (CWE-122). Affected platforms span Windows Server 2012 through 2025 (including Server Core) and Windows 10/11 clients acting in AD roles, with Microsoft-issued patches available. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 8.8 rating and the sensitivity of the domain-controller attack surface make this a high-priority patch.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-48564 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an authenticated network attacker (PR:L) to trigger a heap-based buffer overflow and run arbitrary code on the server. The flaw affects DHCP Server across Windows Server 2012 through Server 2025 (including Server Core installations) and carries a CVSS 8.8 with full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-58640 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver allows an authenticated attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) after inducing user interaction. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +17
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-58618 HIGH PATCH Exploit Unlikely This Week

Local arbitrary code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted spreadsheet; successful exploitation runs attacker code in the context of the current user across desktop Office builds (Excel 2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps) on both Windows and Mac, as well as Office Online Server. The flaw carries CVSS 7.8 with high confidentiality, integrity, and availability impact but requires user interaction (opening the file). No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58614 MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-58610 HIGH PATCH This Week

Local code execution in Microsoft Windows Media Foundation lets an attacker run arbitrary code in the context of the victim after luring them to open a maliciously crafted media file. The flaw (CVE-2026-58610, CWE-122 heap-based buffer overflow) affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. CVSS is 7.8 (AV:L/AC:L/PR:N/UI:R) with full confidentiality, integrity, and availability impact; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58609 HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58601 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Virtual Hard Disk (VHD) Miniport Driver lets an authenticated low-privileged user corrupt kernel heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow, CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server builds and was reported by Microsoft. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-57979 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-56193 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2026-55899 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54988 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-50678 LOW PATCH Exploit Unlikely Monitor

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2026-50675 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55012 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Defender (Microsoft Malware Protection Engine) allows an unauthorized attacker to run arbitrary code by having a maliciously crafted file processed by the scanning engine. The flaw stems from an integer overflow (CWE-190) that corrupts memory during scanning, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Integer Overflow Microsoft Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55005 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-54122 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-54109 HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54992 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-54993 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54132 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-54990 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Remote Desktop Client (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an unauthenticated network attacker to run arbitrary code via a heap-based buffer overflow. Exploitation is client-side: a victim connecting to an attacker-controlled or malicious RDP endpoint can be compromised, with the CVSS 9.8 vector indicating no privileges or user authentication are required. No public exploit has been identified at time of analysis, but a vendor patch is available and the flaw's parameters make it a high-priority fix.

Heap Overflow Buffer Overflow Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-50696 HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54987 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50695 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54983 HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-49177 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-49175 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49168 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-49164 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-42975 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-15701 HIGH POC This Week

Stack-based buffer overflow in the Totolink NR1800X router (firmware 9.1.0u.6279_B20210910) lets remote attackers corrupt memory by supplying an oversized HTTP Host header to the Form_Logout handler at /formLogout.htm, served by the embedded lighttpd web interface. Because the flaw is reachable over the network without authentication and publicly available exploit code exists, it is a strong candidate for opportunistic exploitation despite not yet appearing in CISA KEV. Successful exploitation can crash the device or, given the CWE-121 stack overwrite, potentially achieve code execution on the router.

Buffer Overflow Stack Overflow Nr1800X
NVD VulDB GitHub
CVSS 4.0
8.9
EPSS
0.8%
CVE-2026-54058 HIGH PATCH This Week

Out-of-bounds memory disclosure in Python Pillow before 12.3.0 lets an attacker who supplies a crafted McIdas AREA image file read adjacent process memory or crash the host application. When such a file is opened from a filename, header words control the raw-codec mmap row stride; setting it below the true row width causes later pixel operations (tobytes, getpixel, convert, save) to read past the mapped region. No public exploit is identified at time of analysis and it is not in CISA KEV, but the upstream fix, PR, and a regression test are public, making the flaw well documented.

Python Buffer Overflow Information Disclosure Pillow
NVD GitHub
CVSS 4.0
8.3
EPSS
0.4%
CVE-2026-59197 HIGH PATCH This Week

Heap out-of-bounds write in Python Pillow prior to 12.3.0 lets an attacker who controls the rank-filter size parameter corrupt native heap memory and crash or potentially manipulate the process. ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before validating the filter size, and the native ImagingExpand() routine computes output dimensions using unchecked signed-int arithmetic, so a very large odd size overflows and drives an out-of-bounds write (CWE-787). No public exploit is identified at time of analysis; the flaw is fixed in Pillow 12.3.0.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-59198 HIGH PATCH This Week

Out-of-bounds heap read in Python Pillow's TGA RLE encoder (versions 5.2.0 through 12.2.x) lets adjacent process heap bytes leak into a generated TGA file when an application saves a mode '1' (1-bit) image using compression='tga_rle'. The flaw is an information-disclosure bug (CWE-125), fixed in 12.3.0, with no public exploit identified at time of analysis. The NVD CVSS of 7.5 (network vector) overstates practical reach because triggering the leak depends on the host application invoking this specific and unusual save path.

Python Buffer Overflow Information Disclosure Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59205 PyPI HIGH PATCH This Week

Denial-of-service and controlled heap corruption in Python's Pillow imaging library (all versions prior to 12.3.0) occurs when ImageCms.ImageCmsTransform.apply() is invoked with an output image whose mode does not match the transform's declared output mode, causing an out-of-bounds write in the native color-management code. The pre-fix code only validated the output mode and never validated the input mode, so a mismatched buffer geometry lets the C-level transform write past allocation bounds. No public exploit has been identified at time of analysis; the fix is confirmed in release 12.3.0 via the vendor security advisory GHSA-9hw9-ch79-4vh6.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59199 PyPI HIGH PATCH This Week

Denial of service (and potential memory corruption) in Python Pillow before 12.3.0 arises when public image coordinate APIs - Image.paste(), Image.crop(), and Image.alpha_composite() - are handed box coordinates near the signed 32-bit integer boundary (±2**31), causing a native heap out-of-bounds write in the C imaging core. Any application that forwards untrusted coordinate values into these calls can be crashed, and the OOB write raises the theoretical prospect of heap corruption. No public exploit identified at time of analysis; the fix (integer-overflow-safe int64_t arithmetic) shipped in 12.3.0.

Python Buffer Overflow Integer Overflow Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-60082 CRITICAL PATCH Act Now

Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a negative-array-index read inside the internal row-buffer helper (_set_fbav in DBI.xs), potentially disclosing adjacent process memory or crashing the interpreter. The flaw arises when a statement handle declares zero fields but is fed a non-empty source row, an inconsistency the module failed to reject before returning results. No public exploit has been identified at time of analysis and the issue is not on CISA KEV; the assigned CVSS of 9.1 reflects high confidentiality and availability impact under a network vector, but realistic exploitation depends on a caller (typically a DBD driver or database backend) supplying mismatched metadata and rows.

Buffer Overflow Information Disclosure Dbi
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-59840 MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure Fortios Fortipam +2
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-43892 MEDIUM This Month

FortiOS across the 7.2, 7.4, and 7.6 release trains leaks portions of device runtime memory to authenticated remote attackers via a buffer over-read in redirect response handling. Exploitation requires valid credentials but no elevated privileges, and proof-of-concept code exists (CVSS temporal E:P). An official vendor fix is confirmed available (RL:O), though unpatched instances of FortiOS 7.2.x, 7.4.0-7.4.8, and 7.6.0-7.6.2 remain at risk of sensitive memory disclosure - a consequential exposure given that FortiOS processes session tokens, credentials, and cryptographic material at runtime.

Fortinet Buffer Overflow Fortios
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-53379 HIGH This Week

Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated attacker read out-of-bounds memory via a specially crafted request, exposing sensitive in-memory data. The CVSS temporal metrics (E:F, RC:C) indicate a functional, confirmed exploit is understood by the vendor, and an official fix is available (RL:O). No CISA KEV listing is present, so this is not confirmed as actively exploited despite the mature exploit signal.

Fortinet Buffer Overflow Information Disclosure Fortiauthenticator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59837 MEDIUM This Month

Stack-based buffer overflow in Fortinet FortiOS, FortiPAM, FortiProxy, and FortiSASE enables arbitrary code execution for a privileged authenticated attacker capable of bypassing ASLR and stack canary protections via crafted HTTP requests. The CVSS temporal metric E:P confirms proof-of-concept exploit code exists, and RL:O confirms an official patch has been released by Fortinet (advisory FG-IR-26-148). This vulnerability is not listed in CISA KEV at time of analysis, and the dual prerequisites of privileged access plus memory-protection bypass substantially constrain real-world exploitability despite the critical CIA impact triad.

Fortinet Buffer Overflow Stack Overflow RCE Fortipam +3
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2025-11698 CRITICAL Act Now

Denial-of-service in Rockwell Automation CompactLogix/GuardLogix 5380, CompactLogix 5480, and ControlLogix/GuardLogix 5580 controllers running boot firmware below version 1.072 lets a remote unauthenticated attacker write malformed file data that forces the device into a major non-recoverable fault (MNRF), halting the controlled process until manual recovery. The flaw carries a CVSS 4.0 base of 9.2 driven purely by availability impact (no data confidentiality or integrity loss) and requires no authentication or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Compactlogix 5380 Recovery Image Compact Guardlogix 5380 Recovery Image Compactlogix 5480 Recovery Image Controllogix 5580 Recovery Image Guardlogix 5580 Recovery Image
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2025-12012 CRITICAL Act Now

Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2025-12011 CRITICAL Act Now

Remote denial-of-service in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 controllers allows a remote user to push a malformed project file that forces the controller into a Major Non-Recoverable Fault (MNRF), halting the controlled process until manual recovery. The CVSS 4.0 score of 9.2 reflects high availability impact on both the controller and the downstream physical process (VA:H/SA:H) with no authentication or user interaction required per the vendor vector. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the loss of a safety-rated (GuardLogix) controller makes availability the dominant concern.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2026-10672 HIGH PATCH This Week

Out-of-bounds memory read in the Zephyr RTOS LwM2M firmware-update pull client (subsys/net/lib/lwm2m/lwm2m_pull_context.c) lets a LwM2M management server — or an on-path attacker on a session lacking strong DTLS — leak adjacent device memory and crash the device by writing an over-length Package URI (resource /5/0/1). Affected releases span v3.0.0 through v4.4.0 with the default-on CONFIG_LWM2M_FIRMWARE_UPDATE_PULL_SUPPORT path enabled. No public exploit identified at time of analysis; a vendor patch is available and EPSS/KEV signals are absent.

Buffer Overflow Denial Of Service Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-10669 HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure Buffer Overflow Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-15696 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memory via the fromVirtualSer handler for the /goform/VirtualSer endpoint by supplying an oversized 'page' argument. The flaw carries CVSS 4.0 7.4 and, per its vector, requires low-level privileges (PR:L); publicly available exploit code exists, though there is no public exploit identified as actively used in the wild (not in CISA KEV). Successful exploitation can crash the device or potentially lead to arbitrary code execution on the embedded MIPS/ARM firmware.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15695 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-15694 HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. Publicly available exploit code exists (E:P), disclosed via VulDB, though it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow Be12 Pro
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-8314 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8313 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8312 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8085 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash or render the federation service unavailable by triggering a stack-based buffer overflow over the network. The flaw affects the AD FS role across Windows Server 2012 through 2025 (including Server Core installations) and carries a CVSS 7.5 rating driven entirely by availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH Exploit Likely This Month

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial-of-service (and possible privilege-elevation) heap-based buffer overflow in the Microsoft Windows Remote Desktop Client is reachable over the network, with Microsoft's CVSS vector recording only an availability impact (A:H) despite the description's 'elevate privileges' wording. A patch is available from Microsoft (MSRC update guide), the flaw was reported by Microsoft itself, and there is no public exploit identified at time of analysis. Affected platforms span the full supported Windows client and server line, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows arises from a heap-based buffer overflow in a Windows Data DLL, letting an attacker who can get a victim to open crafted content run arbitrary code with the victim's privileges. Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft (the reporter) has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated, adjacent-network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in DHCP message parsing. Affected systems span Windows Server 2012 through Windows Server 2025 (including Server Core installations) plus the DHCP service on Windows 10 versions 1607 and 1809, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Resilient File System (ReFS) driver allows an authenticated attacker to run code with SYSTEM-level privileges by triggering a heap-based buffer overflow. The flaw (CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds and carries high confidentiality, integrity, and availability impact. It is a Microsoft-reported issue with a vendor patch available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver (heap-based buffer overflow, CWE-122) allows an attacker to run arbitrary code with the privileges of the exploited context. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. CVSS 7.8 with high confidentiality, integrity, and availability impact; exploitation requires local access and user interaction, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Microsoft Active Directory Federation Services (ADFS) allows an unauthenticated network attacker to crash the service via a stack-based buffer overflow (CWE-121). The flaw affects the ADFS role across Windows Server 2012 through 2025 (and the underlying Windows 10 1607/1809 servicing components), carries a CVSS 7.5 availability-only score, and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS arises from a heap-based buffer overflow (CWE-122) that an authorized, low-privileged local user can trigger to run arbitrary code and elevate to SYSTEM. The flaw spans a broad Windows footprint from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.8 (High).

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows App Installer (the MSIX/AppX package deployment component, msixbundle/App Installer) lets an already-authenticated low-privileged user overflow a stack buffer to gain higher privileges on affected Windows 10, Windows 11, and Windows Server builds. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) rating reflects a locally-launched attack with high confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS file system driver lets an unauthorized attacker run arbitrary code by tricking a user into interacting with specially crafted content, per Microsoft's MSRC advisory. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and full-CIA impact make it a meaningful local code-execution risk.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver allows an authenticated attacker to run code with elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121). The flaw was reported by Microsoft and affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (High).

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. Because AD FS commonly fronts single sign-on for Microsoft 365, SaaS, and internal web applications, a successful crash can knock out federated authentication for an entire organization. No public exploit identified at time of analysis, and the flaw is availability-only — confidentiality and integrity are not impacted per the CVSS vector.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WNS/WpnService) lets an already-authenticated low-privileged user overwrite adjacent heap memory to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2-26H1), and Windows Server 2012 R2 through 2025. Microsoft reported the flaw and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered, but exploitation requires prior local access.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Redirected Drive Buffering Subsystem (RDBSS) lets an authenticated low-privileged attacker read memory beyond an allocated buffer to elevate to higher privileges. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, Windows Server 2012 through Server 2025) and carries a CVSS 7.0 (High) rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets a low-privileged, authenticated attacker gain SYSTEM-level control by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad platform range from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025, and was reported internally by Microsoft. No public exploit is identified at time of analysis and it is not in CISA KEV, but the ubiquity of the affected component plus full high impact on confidentiality, integrity, and availability make it a meaningful patch priority.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) allows an authenticated low-privileged user to gain elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121) in the ReFS driver. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery Protocol (WPAD) component lets an already-authenticated local user run code with SYSTEM-level rights by triggering an integer overflow (CWE-190). The flaw affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and high triad impact make it a meaningful patch-tier issue.

Buffer Overflow Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS driver (CVE-2026-49797) allows an attacker with local access to run arbitrary code by tricking a user into interacting with a maliciously crafted NTFS artifact, exploiting a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Windows GDI+ (the Graphics Device Interface Plus rendering component) affects a broad range of Microsoft Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. An attacker who convinces a user to open or preview a specially crafted image or document triggers a heap-based buffer overflow (CWE-122) during graphics parsing, yielding arbitrary code execution in the context of the current user. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but GDI+ image-parsing flaws are historically attractive to attackers.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via arbitrary code execution in Microsoft Windows Resilient File System (ReFS) affects a broad range of Windows 10, Windows 11, and Windows Server (2016-2025) builds. An authorized (low-privileged) attacker who can trigger the vulnerable heap allocation path can corrupt heap memory (CWE-122) to run code in the security context of the ReFS driver, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows NTFS driver allows an already-authenticated, low-privileged user to gain elevated (likely SYSTEM) privileges by triggering a stack-based buffer overflow, contingent on user interaction. The flaw spans a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has issued a patch and reported the issue itself; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) stems from a heap-based buffer overflow (CWE-122) that lets a local attacker run arbitrary code with high confidentiality, integrity, and availability impact. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but NTFS's role as the default Windows filesystem makes the exposed surface extremely wide.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an authenticated network attacker to run arbitrary code on domain controllers by triggering a heap-based buffer overflow (CWE-122). Affected platforms span Windows Server 2012 through 2025 (including Server Core) and Windows 10/11 clients acting in AD roles, with Microsoft-issued patches available. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 8.8 rating and the sensitivity of the domain-controller attack surface make this a high-priority patch.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an authenticated network attacker (PR:L) to trigger a heap-based buffer overflow and run arbitrary code on the server. The flaw affects DHCP Server across Windows Server 2012 through Server 2025 (including Server Core installations) and carries a CVSS 8.8 with full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver allows an authenticated attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) after inducing user interaction. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local arbitrary code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted spreadsheet; successful exploitation runs attacker code in the context of the current user across desktop Office builds (Excel 2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps) on both Windows and Mac, as well as Office Online Server. The flaw carries CVSS 7.8 with high confidentiality, integrity, and availability impact but requires user interaction (opening the file). No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows Media Foundation lets an attacker run arbitrary code in the context of the victim after luring them to open a maliciously crafted media file. The flaw (CVE-2026-58610, CWE-122 heap-based buffer overflow) affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. CVSS is 7.8 (AV:L/AC:L/PR:N/UI:R) with full confidentiality, integrity, and availability impact; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Virtual Hard Disk (VHD) Miniport Driver lets an authenticated low-privileged user corrupt kernel heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow, CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server builds and was reported by Microsoft. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +14
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft +9
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Defender (Microsoft Malware Protection Engine) allows an unauthorized attacker to run arbitrary code by having a maliciously crafted file processed by the scanning engine. The flaw stems from an integer overflow (CWE-190) that corrupts memory during scanning, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Integer Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft +11
NVD VulDB
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Remote Desktop Client (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an unauthenticated network attacker to run arbitrary code via a heap-based buffer overflow. Exploitation is client-side: a victim connecting to an attacker-controlled or malicious RDP endpoint can be compromised, with the CVSS 9.8 vector indicating no privileges or user authentication are required. No public exploit has been identified at time of analysis, but a vendor patch is available and the flaw's parameters make it a high-priority fix.

Heap Overflow Buffer Overflow Windows 11 Version 24H2 +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by triggering a stack-based buffer overflow over the network (CVSS 7.5, availability-only impact). Because AD FS brokers single sign-on and federated authentication, a successful attack can knock out login for every downstream application that relies on it. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. The flaw affects AD FS as shipped across a broad range of Windows client and server builds (Windows 10/11 and Windows Server 2012 through 2025). Microsoft - the reporting party - has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.9
HIGH POC This Week

Stack-based buffer overflow in the Totolink NR1800X router (firmware 9.1.0u.6279_B20210910) lets remote attackers corrupt memory by supplying an oversized HTTP Host header to the Form_Logout handler at /formLogout.htm, served by the embedded lighttpd web interface. Because the flaw is reachable over the network without authentication and publicly available exploit code exists, it is a strong candidate for opportunistic exploitation despite not yet appearing in CISA KEV. Successful exploitation can crash the device or, given the CWE-121 stack overwrite, potentially achieve code execution on the router.

Buffer Overflow Stack Overflow Nr1800X
NVD VulDB GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out-of-bounds memory disclosure in Python Pillow before 12.3.0 lets an attacker who supplies a crafted McIdas AREA image file read adjacent process memory or crash the host application. When such a file is opened from a filename, header words control the raw-codec mmap row stride; setting it below the true row width causes later pixel operations (tobytes, getpixel, convert, save) to read past the mapped region. No public exploit is identified at time of analysis and it is not in CISA KEV, but the upstream fix, PR, and a regression test are public, making the flaw well documented.

Python Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap out-of-bounds write in Python Pillow prior to 12.3.0 lets an attacker who controls the rank-filter size parameter corrupt native heap memory and crash or potentially manipulate the process. ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before validating the filter size, and the native ImagingExpand() routine computes output dimensions using unchecked signed-int arithmetic, so a very large odd size overflows and drives an out-of-bounds write (CWE-787). No public exploit is identified at time of analysis; the flaw is fixed in Pillow 12.3.0.

Python Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds heap read in Python Pillow's TGA RLE encoder (versions 5.2.0 through 12.2.x) lets adjacent process heap bytes leak into a generated TGA file when an application saves a mode '1' (1-bit) image using compression='tga_rle'. The flaw is an information-disclosure bug (CWE-125), fixed in 12.3.0, with no public exploit identified at time of analysis. The NVD CVSS of 7.5 (network vector) overstates practical reach because triggering the leak depends on the host application invoking this specific and unusual save path.

Python Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service and controlled heap corruption in Python's Pillow imaging library (all versions prior to 12.3.0) occurs when ImageCms.ImageCmsTransform.apply() is invoked with an output image whose mode does not match the transform's declared output mode, causing an out-of-bounds write in the native color-management code. The pre-fix code only validated the output mode and never validated the input mode, so a mismatched buffer geometry lets the C-level transform write past allocation bounds. No public exploit has been identified at time of analysis; the fix is confirmed in release 12.3.0 via the vendor security advisory GHSA-9hw9-ch79-4vh6.

Python Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service (and potential memory corruption) in Python Pillow before 12.3.0 arises when public image coordinate APIs - Image.paste(), Image.crop(), and Image.alpha_composite() - are handed box coordinates near the signed 32-bit integer boundary (±2**31), causing a native heap out-of-bounds write in the C imaging core. Any application that forwards untrusted coordinate values into these calls can be crashed, and the OOB write raises the theoretical prospect of heap corruption. No public exploit identified at time of analysis; the fix (integer-overflow-safe int64_t arithmetic) shipped in 12.3.0.

Python Buffer Overflow Integer Overflow +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a negative-array-index read inside the internal row-buffer helper (_set_fbav in DBI.xs), potentially disclosing adjacent process memory or crashing the interpreter. The flaw arises when a statement handle declares zero fields but is fed a non-empty source row, an inconsistency the module failed to reject before returning results. No public exploit has been identified at time of analysis and the issue is not on CISA KEV; the assigned CVSS of 9.1 reflects high confidentiality and availability impact under a network vector, but realistic exploitation depends on a caller (typically a DBD driver or database backend) supplying mismatched metadata and rows.

Buffer Overflow Information Disclosure Dbi
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer over-read in Fortinet FortiOS and FortiProxy exposes sensitive memory contents to authenticated network attackers across multiple product lines including FortiPAM and FortiSwitchManager. The flaw, rooted in CWE-126 (buffer over-read), allows low-privileged remote users to read beyond allocated buffer boundaries, resulting in partial information disclosure with no integrity or availability impact. No active exploitation confirmed in CISA KEV, but the CVSS temporal vector includes E:P indicating proof-of-concept exploit code exists, and an official fix is available per RL:O.

Fortinet Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

FortiOS across the 7.2, 7.4, and 7.6 release trains leaks portions of device runtime memory to authenticated remote attackers via a buffer over-read in redirect response handling. Exploitation requires valid credentials but no elevated privileges, and proof-of-concept code exists (CVSS temporal E:P). An official vendor fix is confirmed available (RL:O), though unpatched instances of FortiOS 7.2.x, 7.4.0-7.4.8, and 7.6.0-7.6.2 remain at risk of sensitive memory disclosure - a consequential exposure given that FortiOS processes session tokens, credentials, and cryptographic material at runtime.

Fortinet Buffer Overflow Fortios
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in Fortinet FortiAuthenticator (6.5 all versions and 6.6.0–6.6.2) lets a remote unauthenticated attacker read out-of-bounds memory via a specially crafted request, exposing sensitive in-memory data. The CVSS temporal metrics (E:F, RC:C) indicate a functional, confirmed exploit is understood by the vendor, and an official fix is available (RL:O). No CISA KEV listing is present, so this is not confirmed as actively exploited despite the mature exploit signal.

Fortinet Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 6.6
MEDIUM This Month

Stack-based buffer overflow in Fortinet FortiOS, FortiPAM, FortiProxy, and FortiSASE enables arbitrary code execution for a privileged authenticated attacker capable of bypassing ASLR and stack canary protections via crafted HTTP requests. The CVSS temporal metric E:P confirms proof-of-concept exploit code exists, and RL:O confirms an official patch has been released by Fortinet (advisory FG-IR-26-148). This vulnerability is not listed in CISA KEV at time of analysis, and the dual prerequisites of privileged access plus memory-protection bypass substantially constrain real-world exploitability despite the critical CIA impact triad.

Fortinet Buffer Overflow Stack Overflow +5
NVD
EPSS 0% CVSS 9.2
CRITICAL Act Now

Denial-of-service in Rockwell Automation CompactLogix/GuardLogix 5380, CompactLogix 5480, and ControlLogix/GuardLogix 5580 controllers running boot firmware below version 1.072 lets a remote unauthenticated attacker write malformed file data that forces the device into a major non-recoverable fault (MNRF), halting the controlled process until manual recovery. The flaw carries a CVSS 4.0 base of 9.2 driven purely by availability impact (no data confidentiality or integrity loss) and requires no authentication or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Compactlogix 5380 Recovery Image Compact Guardlogix 5380 Recovery Image Compactlogix 5480 Recovery Image Controllogix 5580 Recovery Image Guardlogix 5580 Recovery Image
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

Denial-of-service in Rockwell Automation Logix programmable controllers allows a remote unauthenticated attacker to write invalid file data that forces the device into a Major Non-Recoverable Fault (MNRF), halting the industrial process it controls. Rated CVSS 4.0 9.2 (Critical) with availability as the sole impact, the flaw is a CWE-120 buffer overflow reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low attack complexity makes it a high-priority patch for OT environments.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD
EPSS 0% CVSS 9.2
CRITICAL Act Now

Remote denial-of-service in Rockwell Automation CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5570 controllers allows a remote user to push a malformed project file that forces the controller into a Major Non-Recoverable Fault (MNRF), halting the controlled process until manual recovery. The CVSS 4.0 score of 9.2 reflects high availability impact on both the controller and the downstream physical process (VA:H/SA:H) with no authentication or user interaction required per the vendor vector. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the loss of a safety-rated (GuardLogix) controller makes availability the dominant concern.

Buffer Overflow Compactlogix 5370 Compact Guardlogix 5370 Controllogix 5570 Guardlogix 5570
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds memory read in the Zephyr RTOS LwM2M firmware-update pull client (subsys/net/lib/lwm2m/lwm2m_pull_context.c) lets a LwM2M management server — or an on-path attacker on a session lacking strong DTLS — leak adjacent device memory and crash the device by writing an over-length Package URI (resource /5/0/1). Affected releases span v3.0.0 through v4.4.0 with the default-on CONFIG_LWM2M_FIRMWARE_UPDATE_PULL_SUPPORT path enabled. No public exploit identified at time of analysis; a vendor patch is available and EPSS/KEV signals are absent.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) allows remote attackers to corrupt memory via the fromVirtualSer handler for the /goform/VirtualSer endpoint by supplying an oversized 'page' argument. The flaw carries CVSS 4.0 7.4 and, per its vector, requires low-level privileges (PR:L); publicly available exploit code exists, though there is no public exploit identified as actively used in the wild (not in CISA KEV). Successful exploitation can crash the device or potentially lead to arbitrary code execution on the embedded MIPS/ARM firmware.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda BE12 Pro router (firmware 16.03.66.23) lets attackers corrupt memory by manipulating the 'page' argument passed to the fromSetIpBind function of the /goform/SetIpBind endpoint. The flaw is remotely reachable over the network and, per the CVSS 4.0 vector, requires low-level privileges (PR:L) while yielding high confidentiality, integrity, and availability impact - typically resulting in device crash or arbitrary code execution on the router. Publicly available exploit code exists (E:P), disclosed via VulDB, though it is not listed in CISA KEV.

Tenda Buffer Overflow Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE +1
NVD
Prev Page 3 of 401 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy