Skip to main content

Buffer Overflow

36143 CVEs technique

Monthly

CVE-2019-25361 CRITICAL POC Act Now

Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25360 HIGH POC This Week

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow Aida64
NVD Exploit-DB VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2019-25357 HIGH POC This Week

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-2662 LOW POC Monitor

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. [CVSS 3.3 LOW]

Buffer Overflow Lily
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2661 LOW POC Monitor

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2660 LOW POC Monitor

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. [CVSS 3.3 LOW]

Buffer Overflow Denial Of Service Lily
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2659 LOW POC Monitor

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2657 LOW POC Monitor

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-71237 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small.

Linux Buffer Overflow Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71234 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71231 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

Linux Information Disclosure Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2656 LOW POC Monitor

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-2329 CRITICAL POC PATCH THREAT Act Now

Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow Gxp1628 Firmware Gxp1630 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
41.1%
Threat
4.7
CVE-2026-2655 LOW POC Monitor

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-2653 PyPI LOW POC PATCH Monitor

Admesh versions up to 0.98.5 contain a heap buffer overflow in the stl_check_normal_vector function that allows local attackers to corrupt memory with low integrity and confidentiality impact. Public exploit code exists for this vulnerability, and the product appears to be unmaintained with no patch available.

Buffer Overflow Admesh
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-2644 LOW POC Monitor

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. [CVSS 3.3 LOW]

Buffer Overflow Minisat
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-26736 HIGH POC This Week

Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attackers to achieve remote code execution through a malicious static_ipv6 parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise of system confidentiality, integrity, and availability for affected devices.

Buffer Overflow Stack Overflow A3002ru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-26732 HIGH POC This Week

Stack overflow vulnerabilities in TOTOLIK A3002RU V2.1.1 router firmware allow authenticated attackers to achieve remote code execution through malformed vpnUser or vpnPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of complete compromise.

Buffer Overflow Stack Overflow A3002ru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26731 HIGH POC This Week

Remote code execution in TOTOLIK A3002RU V2.1.1 firmware results from a stack-based buffer overflow in the DNS configuration function that can be exploited by authenticated network users. Public exploit code exists for this vulnerability, and attackers with valid credentials can achieve full system compromise including code execution and data manipulation. No patch is currently available.

Buffer Overflow Memory Corruption A3002ru Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2474 HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2567 HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd parameter allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2566 HIGH This Week

Stack buffer overflow in Wavlink WL-NU516U1 firmware up to version 130/260 allows authenticated remote attackers to achieve code execution via a malformed firmware_url parameter to /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The high CVSS score (7.2) reflects the severity of unauthenticated remote code execution risk, though exploitation currently requires high-level privileges.

Buffer Overflow Stack Overflow
NVD VulDB GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2565 MEDIUM POC This Month

Stack overflow in Wavlink WL-NU516U1 firmware's /cgi-bin/adm.cgi allows remote attackers with high privileges to achieve code execution via a malicious time_zone parameter. Public exploit code exists for this vulnerability, though exploitation requires high complexity and the vendor has not released a patch.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-2447 HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow Thunderbird
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1335 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1334 HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure Solidworks Edrawings
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32062 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32061 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32059 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32058 CRITICAL Act Now

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Buffer Overflow RCE
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-23208 HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA USB audio driver allows local attackers with user privileges to write beyond allocated URB buffers by crafting malicious audio parameters with mismatched packet sizes and frame counts. An attacker can trigger out-of-bounds memory corruption, potentially achieving privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23204 HIGH PATCH This Week

The Linux kernel's u32 traffic classifier fails to properly validate negative offset values in skb_header_pointer(), allowing local attackers with low privileges to trigger out-of-bounds memory reads and cause denial of service. This vulnerability affects the network scheduling subsystem and requires local access to exploit, with no currently available patch.

Linux Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23180 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23178 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23172 HIGH PATCH This Week

The Linux kernel's t7xx WWAN driver fails to validate the number of page fragments added to network socket buffers during packet reception, allowing excessive fragmentation to overflow the skb_shinfo(skb)->frags[] array and corrupt kernel memory. A local attacker with low privileges could trigger this vulnerability through malicious modem firmware or crafted network packets, potentially causing kernel crashes or undefined behavior. No patch is currently available for this medium-severity issue.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-71201 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-26269 MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21870 MEDIUM POC PATCH This Month

The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.

Buffer Overflow Stack Overflow Denial Of Service Bacnet Stack
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70122 HIGH POC This Week

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23112 CRITICAL PATCH CISA Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2443 MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2019-25336 HIGH POC This Week

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. [CVSS 8.4 HIGH]

Buffer Overflow Spotauditor
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25334 MEDIUM POC This Month

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Stack Overflow Product Key Explorer
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2019-25331 HIGH POC This Week

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. [CVSS 8.4 HIGH]

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25327 CRITICAL POC Act Now

Buffer overflow in Prime95 29.8 build 6 user ID field allows code execution. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25321 CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow Ftp Navigator
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-70314 CRITICAL POC Act Now

Buffer overflow in webfsd 1.21 web server via crafted request targeting filename variable. PoC available.

Buffer Overflow Webfsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67433 HIGH This Week

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69807 HIGH This Week

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Bareiron
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69806 HIGH This Week

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Bareiron
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31323 Monitor

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Buffer Overflow
NVD
EPSS
0.0%
CVE-2023-20601 Monitor

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

Buffer Overflow
NVD
EPSS
0.0%
CVE-2026-2007 HIGH PATCH This Week

Heap buffer overflow in the pg_trgm extension of PostgreSQL 18.0 and 18.1 allows authenticated database users to trigger memory corruption through specially crafted input strings. An attacker with database access could potentially achieve privilege escalation or cause service disruption, though exploit complexity is currently limited by restricted control over written data. No patch is currently available.

PostgreSQL Buffer Overflow Privilege Escalation Heap Overflow
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-2005 HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20700 HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-20654 MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20644 MEDIUM PATCH This Month

Memory handling flaws in Apple's macOS, iOS, iPadOS, and Safari allow remote attackers to crash affected processes by serving specially crafted web content, requiring only user interaction to trigger the denial of service. The vulnerability affects multiple Apple platforms and products across recent versions, with fixes available in macOS Tahoe 26.3, iOS 18.7.5, iPadOS 18.7.5, and Safari 26.3. No patches are currently available for all affected versions.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20636 MEDIUM PATCH This Month

Denial of service in Apple Safari, iOS, iPadOS, and macOS results from improper memory handling when processing maliciously crafted web content, causing unexpected process crashes. An unauthenticated remote attacker can trigger this vulnerability through a specially crafted webpage, affecting users who view the malicious content. No patch is currently available for this vulnerability.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20635 MEDIUM PATCH This Month

Denial of service affecting Apple's macOS, iOS, iPadOS, watchOS, tvOS, and visionOS results from a memory handling flaw that crashes processes when parsing malicious web content. An unauthenticated remote attacker can trigger unexpected application termination through crafted web pages, requiring only user interaction to visit a malicious site. A patch is not currently available for this medium-severity vulnerability.

Apple Buffer Overflow Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20621 MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20620 HIGH This Week

Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20616 HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20611 HIGH This Week

Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.

Apple Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20609 MEDIUM This Month

Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20605 MEDIUM This Month

System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.

Apple Buffer Overflow
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-46305 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46303 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46302 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46301 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46300 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25994 CRITICAL POC PATCH Act Now

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.

Buffer Overflow Pjsip
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25990 PyPI HIGH PATCH GHSA This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2020-37212 MEDIUM POC This Month

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotmsn Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37211 MEDIUM POC This Month

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotim Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37210 MEDIUM POC This Month

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotie Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37209 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotftp Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37208 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37207 MEDIUM POC This Month

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotdialup Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37206 MEDIUM POC This Month

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. [CVSS 7.5 HIGH]

Denial Of Service Sharealarmpro Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37205 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37204 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37201 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37200 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher Stack Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37199 MEDIUM POC This Month

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37197 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37196 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37183 CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37176 CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2314 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70085 CRITICAL Act Now

Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.

Buffer Overflow Opensatkit
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code on connecting clients. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.4
HIGH POC This Week

Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. [CVSS 9.8 CRITICAL]

RCE Buffer Overflow Stack Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). [CVSS 8.4 HIGH]

Windows Buffer Overflow Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW POC Monitor

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. [CVSS 3.3 LOW]

Buffer Overflow Lily
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. [CVSS 3.3 LOW]

Buffer Overflow Denial Of Service Lily
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. [CVSS 3.3 LOW]

Buffer Overflow Squirrel
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. [CVSS 3.3 LOW]

Buffer Overflow Wren
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc().

Linux Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

Linux Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 1.1
LOW POC Monitor

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
EPSS 41% 4.7 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Unauthenticated stack-based buffer overflow in /cgi-bin/api.values.get HTTP API endpoint. EPSS 41.1% indicates very high exploitation probability. Patch available.

RCE Buffer Overflow Stack Overflow +6
NVD GitHub
EPSS 0% CVSS 1.1
LOW POC Monitor

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. [CVSS 2.5 LOW]

Buffer Overflow Denial Of Service Chaiscript
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Admesh versions up to 0.98.5 contain a heap buffer overflow in the stl_check_normal_vector function that allows local attackers to corrupt memory with low integrity and confidentiality impact. Public exploit code exists for this vulnerability, and the product appears to be unmaintained with no patch available.

Buffer Overflow Admesh
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. [CVSS 3.3 LOW]

Buffer Overflow Minisat
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attackers to achieve remote code execution through a malicious static_ipv6 parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise of system confidentiality, integrity, and availability for affected devices.

Buffer Overflow Stack Overflow A3002ru Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Stack overflow vulnerabilities in TOTOLIK A3002RU V2.1.1 router firmware allow authenticated attackers to achieve remote code execution through malformed vpnUser or vpnPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of complete compromise.

Buffer Overflow Stack Overflow A3002ru Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in TOTOLIK A3002RU V2.1.1 firmware results from a stack-based buffer overflow in the DNS configuration function that can be exploited by authenticated network users. Public exploit code exists for this vulnerability, and attackers with valid credentials can achieve full system compromise including code execution and data manipulation. No patch is currently available.

Buffer Overflow Memory Corruption A3002ru Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in Perl's Crypt::URandom module (versions 0.41-0.54) allows denial of service through integer wraparound when negative length values are passed to the crypt_urandom_getrandom() XS function, causing heap corruption and application crashes. The vulnerability requires direct control over the length parameter, limiting real-world exploitability in typical usage scenarios where this value is hardcoded. No patch is currently available for affected users.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in Wavlink WL-NU516U1 firmware through a stack-based buffer overflow in the nas.cgi User1Passwd parameter allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Stack buffer overflow in Wavlink WL-NU516U1 firmware up to version 130/260 allows authenticated remote attackers to achieve code execution via a malformed firmware_url parameter to /cgi-bin/adm.cgi. Public exploit code exists for this vulnerability and the vendor has not provided a patch despite early notification. The high CVSS score (7.2) reflects the severity of unauthenticated remote code execution risk, though exploitation currently requires high-level privileges.

Buffer Overflow Stack Overflow
NVD VulDB GitHub
EPSS 0% CVSS 6.6
MEDIUM POC This Month

Stack overflow in Wavlink WL-NU516U1 firmware's /cgi-bin/adm.cgi allows remote attackers with high privileges to achieve code execution via a malicious time_zone parameter. Public exploit code exists for this vulnerability, though exploitation requires high complexity and the vendor has not released a patch.

Buffer Overflow Stack Overflow Wl Nu516u1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in libvpx affects Firefox and Thunderbird across multiple versions, enabling remote code execution when a user interacts with malicious content. An unauthenticated attacker can exploit this vulnerability over the network without special privileges to achieve complete system compromise including data theft and integrity violations. No patch is currently available, making this a critical risk for affected users.

Buffer Overflow Mozilla Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 via out-of-bounds write in EPRT file parsing allows local attackers to gain code execution when opening malicious files. The vulnerability requires user interaction and affects both confidentiality, integrity, and availability. No patch is currently available.

Buffer Overflow RCE Solidworks Edrawings
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in SOLIDWORKS eDrawings 2025-2026 results from an out-of-bounds read flaw in EPRT file processing, enabling attackers to compromise systems by tricking users into opening malicious files. The vulnerability affects local users with no privilege requirements and carries a high severity rating, though no patch is currently available.

Buffer Overflow RCE Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Buffer Overflow RCE
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow in the Linux kernel's ALSA USB audio driver allows local attackers with user privileges to write beyond allocated URB buffers by crafting malicious audio parameters with mismatched packet sizes and frame counts. An attacker can trigger out-of-bounds memory corruption, potentially achieving privilege escalation or denial of service. No patch is currently available for this vulnerability.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

The Linux kernel's u32 traffic classifier fails to properly validate negative offset values in skb_header_pointer(), allowing local attackers with low privileges to trigger out-of-bounds memory reads and cause denial of service. This vulnerability affects the network scheduling subsystem and requires local access to exploit, with no currently available patch.

Linux Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

The Linux kernel's t7xx WWAN driver fails to validate the number of page fragments added to network socket buffers during packet reception, allowing excessive fragmentation to overflow the skb_shinfo(skb)->frags[] array and corrupt kernel memory. A local attacker with low privileges could trigger this vulnerability through malicious modem firmware or crafted network packets, potentially causing kernel crashes or undefined behavior. No patch is currently available for this medium-severity issue.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. [CVSS 8.4 HIGH]

Buffer Overflow Spotauditor
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Stack Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. [CVSS 8.4 HIGH]

Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Prime95 29.8 build 6 user ID field allows code execution. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in webfsd 1.21 web server via crafted request targeting filename variable. PoC available.

Buffer Overflow Webfsd
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Bareiron
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Bareiron
NVD GitHub
EPSS 0%
Monitor

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Buffer Overflow
NVD
EPSS 0%
Monitor

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

Buffer Overflow
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap buffer overflow in the pg_trgm extension of PostgreSQL 18.0 and 18.1 allows authenticated database users to trigger memory corruption through specially crafted input strings. An attacker with database access could potentially achieve privilege escalation or cause service disruption, though exploit complexity is currently limited by restricted control over written data. No patch is currently available.

PostgreSQL Buffer Overflow Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory handling flaws in Apple's macOS, iOS, iPadOS, and Safari allow remote attackers to crash affected processes by serving specially crafted web content, requiring only user interaction to trigger the denial of service. The vulnerability affects multiple Apple platforms and products across recent versions, with fixes available in macOS Tahoe 26.3, iOS 18.7.5, iPadOS 18.7.5, and Safari 26.3. No patches are currently available for all affected versions.

Apple Buffer Overflow Ipados +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Apple Safari, iOS, iPadOS, and macOS results from improper memory handling when processing maliciously crafted web content, causing unexpected process crashes. An unauthenticated remote attacker can trigger this vulnerability through a specially crafted webpage, affecting users who view the malicious content. No patch is currently available for this vulnerability.

Apple Buffer Overflow Ipados +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service affecting Apple's macOS, iOS, iPadOS, watchOS, tvOS, and visionOS results from a memory handling flaw that crashes processes when parsing malicious web content. An unauthenticated remote attacker can trigger unexpected application termination through crafted web pages, requiring only user interaction to visit a malicious site. A patch is not currently available for this medium-severity vulnerability.

Apple Buffer Overflow Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.

Apple Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.

Buffer Overflow Pjsip
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotmsn Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotim Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotie Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotftp Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotdialup Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. [CVSS 7.5 HIGH]

Denial Of Service Sharealarmpro Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher Stack Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.

Google Buffer Overflow Chrome +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.

Buffer Overflow Opensatkit
NVD GitHub
Prev Page 42 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy