Skip to main content

Buffer Overflow

36201 CVEs technique

Monthly

CVE-2026-23180 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23178 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23172 HIGH PATCH This Week

The Linux kernel's t7xx WWAN driver fails to validate the number of page fragments added to network socket buffers during packet reception, allowing excessive fragmentation to overflow the skb_shinfo(skb)->frags[] array and corrupt kernel memory. A local attacker with low privileges could trigger this vulnerability through malicious modem firmware or crafted network packets, potentially causing kernel crashes or undefined behavior. No patch is currently available for this medium-severity issue.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-71201 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-26269 MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21870 MEDIUM POC PATCH This Month

The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.

Buffer Overflow Stack Overflow Denial Of Service Bacnet Stack
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70122 HIGH POC This Week

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23112 CRITICAL PATCH CISA Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2443 MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2019-25336 HIGH POC This Week

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. [CVSS 8.4 HIGH]

Buffer Overflow Spotauditor
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25334 MEDIUM POC This Month

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Stack Overflow Product Key Explorer
NVD Exploit-DB VulDB
CVSS 4.0
6.7
EPSS
0.0%
CVE-2019-25331 HIGH POC This Week

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. [CVSS 8.4 HIGH]

Buffer Overflow
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25327 CRITICAL POC Act Now

Buffer overflow in Prime95 29.8 build 6 user ID field allows code execution. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25321 CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow Ftp Navigator
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-70314 CRITICAL POC Act Now

Buffer overflow in webfsd 1.21 web server via crafted request targeting filename variable. PoC available.

Buffer Overflow Webfsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67433 HIGH This Week

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69807 HIGH This Week

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Bareiron
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69806 HIGH This Week

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Bareiron
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31323 Monitor

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Buffer Overflow
NVD
EPSS
0.0%
CVE-2023-20601 Monitor

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

Buffer Overflow
NVD
EPSS
0.0%
CVE-2026-2007 HIGH PATCH This Week

Heap buffer overflow in the pg_trgm extension of PostgreSQL 18.0 and 18.1 allows authenticated database users to trigger memory corruption through specially crafted input strings. An attacker with database access could potentially achieve privilege escalation or cause service disruption, though exploit complexity is currently limited by restricted control over written data. No patch is currently available.

PostgreSQL Buffer Overflow Privilege Escalation Heap Overflow
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-2005 HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20700 HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
Threat
4.6
CVE-2026-20654 MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20644 MEDIUM PATCH This Month

Memory handling flaws in Apple's macOS, iOS, iPadOS, and Safari allow remote attackers to crash affected processes by serving specially crafted web content, requiring only user interaction to trigger the denial of service. The vulnerability affects multiple Apple platforms and products across recent versions, with fixes available in macOS Tahoe 26.3, iOS 18.7.5, iPadOS 18.7.5, and Safari 26.3. No patches are currently available for all affected versions.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20636 MEDIUM PATCH This Month

Denial of service in Apple Safari, iOS, iPadOS, and macOS results from improper memory handling when processing maliciously crafted web content, causing unexpected process crashes. An unauthenticated remote attacker can trigger this vulnerability through a specially crafted webpage, affecting users who view the malicious content. No patch is currently available for this vulnerability.

Apple Buffer Overflow Ipados Iphone Os Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20635 MEDIUM PATCH This Month

Denial of service affecting Apple's macOS, iOS, iPadOS, watchOS, tvOS, and visionOS results from a memory handling flaw that crashes processes when parsing malicious web content. An unauthenticated remote attacker can trigger unexpected application termination through crafted web pages, requiring only user interaction to visit a malicious site. A patch is not currently available for this medium-severity vulnerability.

Apple Buffer Overflow Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20621 MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20620 HIGH This Week

Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20616 HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20611 HIGH This Week

Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.

Apple Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20609 MEDIUM This Month

Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.

Apple Buffer Overflow Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-20605 MEDIUM This Month

System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.

Apple Buffer Overflow
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-46305 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46303 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46302 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46301 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-46300 MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25994 CRITICAL POC PATCH Act Now

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.

Buffer Overflow Pjsip
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25990 PyPI HIGH PATCH GHSA This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2020-37212 MEDIUM POC This Month

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotmsn Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37211 MEDIUM POC This Month

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotim Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37210 MEDIUM POC This Month

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotie Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37209 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotftp Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37208 MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp Memory Corruption
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37207 MEDIUM POC This Month

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotdialup Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37206 MEDIUM POC This Month

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. [CVSS 7.5 HIGH]

Denial Of Service Sharealarmpro Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37205 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37204 MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37201 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37200 MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher Stack Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37199 MEDIUM POC This Month

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37197 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37196 MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2020-37183 CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-37176 CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2314 HIGH PATCH This Week

Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70085 CRITICAL Act Now

Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.

Buffer Overflow Opensatkit
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70083 HIGH This Week

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. [CVSS 7.8 HIGH]

Buffer Overflow Opensatkit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-57709 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-54170 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54169 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure File Station
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-54152 MEDIUM This Month

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52870 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-52869 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52868 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-48725 HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service Quts Hero Qts
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-48724 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-48723 HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30276 HIGH This Week

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. [CVSS 8.8 HIGH]

Buffer Overflow Qsync Central
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56807 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Media Streaming Add On
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21349 HIGH This Week

Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users open malicious files. Local exploitation requires user interaction but executes with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Lightroom
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21348 MEDIUM This Month

Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose sensitive information when victims open specially crafted files. The vulnerability requires user interaction but no special privileges, making it accessible to local attackers with access to craft malicious documents. Currently no patch is available, and exploitation could reveal confidential data stored in process memory.

Buffer Overflow Information Disclosure Substance 3d Modeler
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-29951 This Week

A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.

Buffer Overflow Privilege Escalation RCE
NVD
EPSS
0.0%
CVE-2024-36355 This Week

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Buffer Overflow RCE
NVD
EPSS
0.0%
CVE-2024-36310 Monitor

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

Buffer Overflow
NVD
EPSS
0.0%
CVE-2026-25506 HIGH PATCH This Week

Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.

Buffer Overflow Munge Debian Linux Memory Corruption
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21355 MEDIUM This Month

Out-of-bounds memory read in DNG SDK 1.7.1 (2410) and earlier enables attackers to extract sensitive information from process memory when a user opens a specially crafted file. The vulnerability requires local user interaction but poses a direct confidentiality risk to applications processing untrusted DNG image files. No patch is currently available for affected versions.

Buffer Overflow Information Disclosure Dng Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21352 HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.

Buffer Overflow RCE Dng Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21346 HIGH This Week

Arbitrary code execution in Bridge 15.1.3, 16.0.1 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute commands with the privileges of the affected user, though exploitation requires social engineering to convince a victim to open a crafted file. No patch is currently available.

Buffer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21345 HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory read during parsing. An attacker can exploit this vulnerability by tricking a user into opening a malicious file, achieving arbitrary code execution with the victim's privileges. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21344 HIGH This Week

Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary code execution when a victim opens a malicious crafted file. The vulnerability affects local users and requires user interaction to exploit, making social engineering a viable attack vector. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21343 HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed file parsing that allows attackers to corrupt memory and execute arbitrary code within the user's context. The vulnerability requires user interaction, as victims must open a specially crafted file to trigger exploitation. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21342 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21341 HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local attackers to execute arbitrary code with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it practical to exploit through social engineering. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25646 HIGH POC PATCH This Week

Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted but spec-valid PNG that, when processed via the png_set_quantize() API, traps the library in an infinite loop reading past the end of an internal heap buffer. Affects any application that links libpng and calls png_set_quantize() without a histogram while the palette holds more than twice the colors the display supports. Publicly available exploit code exists; EPSS is low (0.06%, 19th percentile) and it is not on CISA KEV, so widespread exploitation is not currently indicated.

Buffer Overflow Denial Of Service Libpng Heap Overflow
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2026-21519 HIGH KEV PATCH THREAT Act Now

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.

Buffer Overflow Windows 11 24h2 Windows 11 23h2 Windows 10 21h2 Windows Server 2022 23h2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
3.1%
CVE-2026-21358 MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Adobe Buffer Overflow Heap Overflow Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21357 HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Adobe Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21340 MEDIUM This Month

Out-of-bounds memory read in Substance 3D Designer 15.1.0 and earlier allows attackers to extract sensitive data from process memory when a victim opens a specially crafted file. The vulnerability requires user interaction but can bypass existing protections to leak confidential information. No patch is currently available for this local attack vector.

Buffer Overflow Information Disclosure Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware status register and uses it to index into ethsw->ports[] without validation.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data into `ihid->rawbuf`.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

The Linux kernel's t7xx WWAN driver fails to validate the number of page fragments added to network socket buffers during packet reception, allowing excessive fragmentation to overflow the skb_shinfo(skb)->frags[] array and corrupt kernel memory. A local attacker with low privileges could trigger this vulnerability through malicious modem firmware or crafted network packets, potentially causing kernel crashes or undefined behavior. No patch is currently available for this medium-severity issue.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p_client_res: client 18446612686390831168 response P9_TREAD tag 0 err 0 ...

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in Vim's NetBeans integration allows a malicious NetBeans server to corrupt memory and potentially crash the editor or execute arbitrary code through a specially crafted specialKeys command. The vulnerability affects Vim builds with NetBeans support enabled and requires user interaction to connect to a compromised server. A patch is available in Vim version 9.1.2148 and later.

Buffer Overflow Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linux kernel NVMe-oF TCP transport lacks proper bounds checking in PDU processing, allowing a local attacker with low privileges to trigger a kernel panic by crafting malicious PDU parameters that exceed scatter-gather list boundaries. The vulnerability enables denial of service through GPF/KASAN errors when invalid memory offsets are dereferenced during data copy operations. No patch is currently available for affected systems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

Buffer Overflow Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. [CVSS 8.4 HIGH]

Buffer Overflow Spotauditor
NVD Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM POC This Month

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service Stack Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. [CVSS 8.4 HIGH]

Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Prime95 29.8 build 6 user ID field allows code execution. PoC available.

DNS Buffer Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in FTP Navigator 8.03 via SEH overwrite. PoC available.

RCE Buffer Overflow Stack Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in webfsd 1.21 web server via crafted request targeting filename variable. PoC available.

Buffer Overflow Webfsd
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Bareiron
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Bareiron
NVD GitHub
EPSS 0%
Monitor

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Buffer Overflow
NVD
EPSS 0%
Monitor

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

Buffer Overflow
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap buffer overflow in the pg_trgm extension of PostgreSQL 18.0 and 18.1 allows authenticated database users to trigger memory corruption through specially crafted input strings. An attacker with database access could potentially achieve privilege escalation or cause service disruption, though exploit complexity is currently limited by restricted control over written data. No patch is currently available.

PostgreSQL Buffer Overflow Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in PostgreSQL pgcrypto module (versions before 14.21, 15.16, 16.12, 17.8, and 18.2) stems from a heap buffer overflow that allows attackers with database access to execute commands with the privileges of the PostgreSQL system user. An authenticated attacker can exploit this vulnerability by providing specially crafted ciphertext to trigger the overflow condition. No patch is currently available, leaving affected PostgreSQL installations vulnerable to privilege escalation and full system compromise.

PostgreSQL Buffer Overflow Heap Overflow +1
NVD VulDB
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV THREAT Act Now

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.

Apple RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A local privilege escalation vulnerability in Apple's operating systems (macOS, iOS, visionOS, and iPadOS) allows authenticated users to trigger a buffer overflow condition resulting in denial of service through application crashes. The vulnerability stems from improper memory handling and affects multiple Apple platforms including watchOS and tvOS. Currently, no patch is available, though the vendor has indicated fixes will be included in upcoming OS updates.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory handling flaws in Apple's macOS, iOS, iPadOS, and Safari allow remote attackers to crash affected processes by serving specially crafted web content, requiring only user interaction to trigger the denial of service. The vulnerability affects multiple Apple platforms and products across recent versions, with fixes available in macOS Tahoe 26.3, iOS 18.7.5, iPadOS 18.7.5, and Safari 26.3. No patches are currently available for all affected versions.

Apple Buffer Overflow Ipados +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Apple Safari, iOS, iPadOS, and macOS results from improper memory handling when processing maliciously crafted web content, causing unexpected process crashes. An unauthenticated remote attacker can trigger this vulnerability through a specially crafted webpage, affecting users who view the malicious content. No patch is currently available for this vulnerability.

Apple Buffer Overflow Ipados +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service affecting Apple's macOS, iOS, iPadOS, watchOS, tvOS, and visionOS results from a memory handling flaw that crashes processes when parsing malicious web content. An unauthenticated remote attacker can trigger unexpected application termination through crafted web pages, requiring only user interaction to visit a malicious site. A patch is not currently available for this medium-severity vulnerability.

Apple Buffer Overflow Ipados +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper memory handling in Apple operating systems (macOS, iOS, iPadOS, visionOS) allows local attackers with user-level privileges to trigger kernel memory corruption or unexpected system crashes without user interaction. The vulnerability affects multiple macOS versions (Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4) and iOS/iPadOS 18.7.5 and later. No patch is currently available for this medium-severity flaw.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory corruption in Apple's USD file processing across iPhone OS, iPadOS, and visionOS enables attackers to crash applications through crafted malicious files, with high severity impact on confidentiality, integrity, and availability. The vulnerability requires user interaction to trigger (opening a malicious USD file) but needs no special privileges, affecting a large user base across multiple Apple platforms. No patch is currently available for this out-of-bounds write vulnerability.

Apple Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.

Apple Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.

Apple Buffer Overflow Information Disclosure
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

System process denial of service affecting Apple macOS, iOS, and iPadOS through improper memory handling allows local attackers with physical access to crash critical system processes. The vulnerability impacts multiple recent OS versions including macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and newer releases, with patches available for affected users. This could enable attackers to disrupt system stability and availability on vulnerable Apple devices.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. [CVSS 5.7 MEDIUM]

Apple Buffer Overflow
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affects VoIP/communication applications built on PJSIP.

Buffer Overflow Pjsip
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotmsn Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotim Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotie Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotftp Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Spotftp +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Spotdialup Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. [CVSS 7.5 HIGH]

Denial Of Service Sharealarmpro Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Remshutdown Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Buffer Overflow Netsharewatcher Stack Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Nbmonitor Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. [CVSS 7.5 HIGH]

Denial Of Service Domain Name Search Software Buffer Overflow
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 via SEH chain. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Stack overflow in Torrent 3GP Converter 1.51 via SEH overwrite. PoC available.

Buffer Overflow Stack Overflow
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.

Google Buffer Overflow Chrome +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack buffer overflow in OpenSatKit 2.2.1 satellite ground station software. The ErrStr buffer overflows when formatting filenames. Space infrastructure vulnerability.

Buffer Overflow Opensatkit
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. [CVSS 7.8 HIGH]

Buffer Overflow Opensatkit
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure File Station
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Qnap Buffer Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. [CVSS 8.1 HIGH]

Buffer Overflow Denial Of Service Qsync Central
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. [CVSS 8.8 HIGH]

Buffer Overflow Qsync Central
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure Media Streaming Add On
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users open malicious files. Local exploitation requires user interaction but executes with the privileges of the current user. No patch is currently available.

Buffer Overflow RCE Lightroom
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose sensitive information when victims open specially crafted files. The vulnerability requires user interaction but no special privileges, making it accessible to local attackers with access to craft malicious documents. Currently no patch is available, and exploitation could reveal confidential data stored in process memory.

Buffer Overflow Information Disclosure Substance 3d Modeler
NVD
EPSS 0%
This Week

A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.

Buffer Overflow Privilege Escalation RCE
NVD
EPSS 0%
This Week

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Buffer Overflow RCE
NVD
EPSS 0%
Monitor

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

Buffer Overflow
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Cryptographic key disclosure and credential forgery in MUNGE 0.5 through 0.5.17 lets a local user extract munged's MAC subkey from process memory and forge arbitrary credentials. By sending a crafted message with an oversized address-length field, an attacker triggers an out-of-bounds write that corrupts munged's internal state and leaks the key used to validate credentials, enabling impersonation of any user including root across every service that trusts MUNGE for authentication. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis, but MUNGE's role as a cluster trust anchor makes the impact severe wherever it is deployed.

Buffer Overflow Munge Debian Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in DNG SDK 1.7.1 (2410) and earlier enables attackers to extract sensitive information from process memory when a user opens a specially crafted file. The vulnerability requires local user interaction but poses a direct confidentiality risk to applications processing untrusted DNG image files. No patch is currently available for affected versions.

Buffer Overflow Information Disclosure Dng Software Development Kit
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG files. An attacker can achieve code execution with user privileges by tricking a victim into opening a specially crafted file. No patch is currently available for this vulnerability.

Buffer Overflow RCE Dng Software Development Kit
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Bridge 15.1.3, 16.0.1 and earlier through an out-of-bounds write vulnerability triggered when users open malicious files. An attacker can execute commands with the privileges of the affected user, though exploitation requires social engineering to convince a victim to open a crafted file. No patch is currently available.

Buffer Overflow RCE Bridge
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory read during parsing. An attacker can exploit this vulnerability by tricking a user into opening a malicious file, achieving arbitrary code execution with the victim's privileges. No patch is currently available for this vulnerability.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary code execution when a victim opens a malicious crafted file. The vulnerability affects local users and requires user interaction to exploit, making social engineering a viable attack vector. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed file parsing that allows attackers to corrupt memory and execute arbitrary code within the user's context. The vulnerability requires user interaction, as victims must open a specially crafted file to trigger exploitation. No patch is currently available for this high-severity flaw.

Buffer Overflow Information Disclosure Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds write vulnerability that executes with user privileges. An attacker can exploit this by crafting a malicious file that, when opened by a victim, triggers the memory corruption and executes arbitrary code. No patch is currently available, making user education about untrusted files critical for mitigation.

Buffer Overflow RCE Substance 3d Stager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local attackers to execute arbitrary code with user privileges when a victim opens a malicious file. The vulnerability requires user interaction but no special privileges, making it practical to exploit through social engineering. No patch is currently available.

Buffer Overflow RCE Substance 3d Stager
NVD
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

Denial of service (with limited memory disclosure) in libpng before 1.6.55 lets an attacker supply a specially crafted but spec-valid PNG that, when processed via the png_set_quantize() API, traps the library in an infinite loop reading past the end of an internal heap buffer. Affects any application that links libpng and calls png_set_quantize() without a histogram while the palette holds more than twice the colors the display supports. Publicly available exploit code exists; EPSS is low (0.06%, 19th percentile) and it is not on CISA KEV, so widespread exploitation is not currently indicated.

Buffer Overflow Denial Of Service Libpng +1
NVD GitHub VulDB
EPSS 3% CVSS 7.8
HIGH KEV PATCH THREAT Act Now

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling.

Buffer Overflow Windows 11 24h2 Windows 11 23h2 +11
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

InDesign versions 21.1, 20.5.1 and earlier contain a heap buffer overflow that enables local denial-of-service attacks when users open malicious files. An attacker can crash the application to disrupt workflow, though no patch is currently available. User interaction is required for exploitation.

Adobe Buffer Overflow Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign versions 21.1, 20.5.1, and earlier through a heap buffer overflow vulnerability triggered by opening a malicious file. The vulnerability requires user interaction and executes with the privileges of the current user, with no patch currently available. Local attackers can leverage this to achieve code execution on affected systems.

Adobe Buffer Overflow Heap Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds memory read in Substance 3D Designer 15.1.0 and earlier allows attackers to extract sensitive data from process memory when a victim opens a specially crafted file. The vulnerability requires user interaction but can bypass existing protections to leak confidential information. No patch is currently available for this local attack vector.

Buffer Overflow Information Disclosure Substance 3d Designer
NVD
Prev Page 43 of 403 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy