Skip to main content

Buffer Overflow

36109 CVEs technique

Monthly

CVE-2026-13967 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) but no authentication, and the flaw carries a CVSS 8.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.30%, 22nd percentile), indicating no evidence of widespread exploitation despite the high CVSS.

Memory Corruption RCE Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13938 HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13906 MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's Codecs component (prior to 150.0.7871.47) enables remote attackers to leak sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS C:H rating reflects meaningful exposure of in-process data such as session tokens or credentials, though Chromium's own team assessed this as Medium severity, and the sandbox boundary (S:U) limits blast radius to the renderer. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-13890 MEDIUM PATCH This Month

Out-of-bounds read in the Chromecast component of Google Chrome prior to 150.0.7871.47 enables a remote attacker, who has already achieved renderer process compromise, to exfiltrate potentially sensitive data from process memory via a crafted HTML page. This is a second-stage, chained vulnerability - it cannot be exploited in isolation and requires a prior renderer compromise as a prerequisite. Google has released a patch in Chrome 150.0.7871.47; no public exploit code or CISA KEV listing has been identified at time of analysis.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-13884 HIGH PATCH This Week

Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.

Heap Overflow RCE Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13873 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Layout engine prior to 150.0.7871.47 allows remote attackers to leak potentially sensitive data from the renderer process memory by serving a crafted HTML page. User interaction is required - the victim must visit the malicious page - limiting automated mass exploitation. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation status as none with partial technical impact, placing real-world urgency below what the CVSS 6.5 score alone might suggest.

Memory Corruption Buffer Overflow Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-13858 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's bundled FFmpeg video decoding component (all versions prior to 150.0.7871.47) allows a remote attacker to leak renderer process memory contents via a crafted video file. The CVSS vector confirms network reachability with no required privileges (PR:N) but mandates user interaction (UI:R), meaning the victim must process the malicious video. SSVC assessment rates exploitation as none and the attack non-automatable, and no public exploit has been identified at time of analysis; Google has released a patched build at 150.0.7871.47.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13841 HIGH PATCH This Week

Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13835 HIGH PATCH This Week

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow Buffer Overflow Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13831 HIGH PATCH This Week

Out-of-bounds read/write (use-after-free) in Google Chrome's GPU component lets a remote attacker who has already compromised the renderer process run arbitrary code - though still confined inside the sandbox - by serving a crafted HTML page to a Chrome build prior to 150.0.7871.47. Google rates the Chromium severity High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and EPSS puts near-term exploitation probability at just 0.26%.

Memory Corruption Google Buffer Overflow Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-13820 MEDIUM PATCH This Month

Out of bounds read in Skia in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13819 HIGH PATCH This Week

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13801 HIGH PATCH This Week

Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13798 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 stems from a heap buffer overflow in the Chromecast component, letting an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6, but it is a second-stage bug requiring prior renderer control, and there is no public exploit identified at time of analysis (SSVC exploitation: none, EPSS 0.22%). No CISA KEV listing exists, indicating no confirmed active exploitation.

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13796 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Chromecast component before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page, escalating from renderer-level code execution to the more privileged browser process. Google rates the Chromium severity High and the CVSS is 9.6 due to the scope change; however, EPSS is only 0.21% (11th percentile) and there is no public exploit identified at time of analysis. A vendor patch is available.

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-57585 PyPI HIGH PATCH This Week

Denial of service in the msgpack-python serialization library (versions prior to 1.2.1) lets remote attackers crash a process via an out-of-bounds read when an application reuses an Unpacker instance after a previously raised error was caught. Sending malformed MessagePack data that triggers an error, then feeding further data to the same Unpacker, can drive the process to a SEGV. No public exploit has been identified at time of analysis, and EPSS data was not provided, but the CVSS 3.1 score of 7.5 (availability-only) reflects a straightforward, unauthenticated crash condition.

Memory Corruption Python Use After Free Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-52196 HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote, unauthenticated attacker crash the device by triggering a buffer overflow in the gohead web-service function sub_416f28 (FUN_00416f28). Publicly available exploit code exists (referenced PoC on GitHub), though the flaw is not listed in CISA KEV and EPSS scores it at just 0.22% (13th percentile), indicating low observed exploitation activity. Impact is limited to availability - no code execution or data exposure is claimed in the source data.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-56361 NuGet MEDIUM PATCH This Month

Heap buffer out-of-bounds read in ImageMagick before 7.1.2-19 via off-by-one error in morphology validation allows local attackers with user interaction to trigger denial of service. The vulnerability stems from incorrect morphology parameters causing single pixel memory access violations within heap buffers, potentially leading to application crashes or information disclosure through controlled reads of adjacent heap memory.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-54696 LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-10655 MEDIUM PATCH This Month

Use-after-free in Zephyr's asynchronous SNTP client (sntp_close_async, v4.2.0-v4.4.0) can be triggered remotely by any network peer or off-path attacker capable of dropping or delaying UDP NTP responses, exploiting a race between the system workqueue thread and the socket-service poll thread. The most probable outcome is a crash of the networking subsystem thread (denial of service); where the freed net_context pool slot is rapidly reallocated, memory corruption is possible. The vulnerability is on the normal SNTP timeout path, making it reliably and periodically triggerable when NET_CONFIG_SNTP_INIT_RESYNC is enabled. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-9263 HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-10652 HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS DNS resolver (subsys/net/lib/dns) lets a malicious, spoofed, or on-path DNS server - or any LAN node when mDNS/LLMNR is enabled - return crafted truncated TXT or SRV records that leak residual receive-pool memory to the application, and in some configurations crash the device. It affects Zephyr v4.3.0 and v4.4.0; the SSVC framework records a proof-of-concept, so publicly available exploit code exists, though EPSS is low (0.20%, 10th percentile) and there is no public evidence of active exploitation. The disclosed data is bounded (~64 bytes for TXT, ~6 for SRV) and read-only, but can expose stale contents of prior DNS packets.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-14241 CRITICAL Act Now

Memory-corruption weaknesses in Mozilla Firefox 152.0.3 could allow remote attackers to potentially execute arbitrary code within the browser process. Mozilla graded the collected memory-safety bugs as critical (MFSA2026-62) and states some showed evidence of memory corruption that, with sufficient effort, could be exploited for code execution; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile). The issue is resolved in Firefox 152.0.4.

Memory Corruption Mozilla Buffer Overflow RCE Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-8655 HIGH PATCH NEWS This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service Buffer Overflow Netscaler Application Delivery Controller +1
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-8452 HIGH PATCH NEWS This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-8451 HIGH POC PATCH NEWS This Week

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.

Citrix Information Disclosure Buffer Overflow Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2026-58374 HIGH PATCH This Week

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Hostapd
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-58016 CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-58013 HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58012 HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58011 HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58010 HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-10817 MEDIUM PATCH NEWS This Month

Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.

Citrix Buffer Overflow Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-52195 HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3 v3.2.7-210919-161313) allows a remote, unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead web-service handler at function sub_472f08 (FUN_00472f08). The CVSS 3.1 score of 7.5 reflects availability-only impact (A:H, C:N/I:N) over the network with no privileges or user interaction. EPSS is low (0.22%, 13th percentile) and the CVE is not in CISA KEV; a third-party technical write-up exists on GitHub, but no active exploitation is confirmed.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-10647 MEDIUM PATCH This Month

USB CDC-NCM network driver in Zephyr RTOS through v4.4.0 permanently deadlocks the shared network egress thread when a USB bus suspend coincides with outbound device traffic, requiring a reboot to recover. The defect in `cdc_ncm_send()` ignores the return value of `usbd_ep_enqueue()` and unconditionally blocks on a completion semaphore that only the (never-fired) bulk-IN ISR can signal - halting not just CDC-NCM traffic but all egress on other interfaces sharing the TX thread. No public exploit code or active exploitation has been identified; the trigger is routine USB host power management, making this an availability risk for any embedded Zephyr device using USB virtual Ethernet.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-43716 MEDIUM PATCH This Month

Memory corruption (CWE-119) in Apple Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected across Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service against any user who visits a hostile page, though no code execution is indicated by current data. No public exploit code and no CISA KEV listing are identified at time of analysis; exploitation probability (EPSS) was not provided in source data.

Apple Buffer Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-39872 MEDIUM PATCH This Month

Processing maliciously crafted web content in Apple Safari, iOS/iPadOS, and macOS Tahoe (all versions prior to 26.5.2) triggers an improper memory handling flaw (CWE-119 buffer overflow) in the web content processing pipeline, resulting in an unexpected process crash. The attack vector is network-based requiring user interaction (UI:R per CVSS), and impact is confined to availability - no confidentiality or integrity compromise is described. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43740 MEDIUM PATCH This Month

Safari, iOS/iPadOS, and macOS Tahoe expose process memory when the browser engine processes maliciously crafted web content, rooted in a CWE-119 improper memory buffer restriction (tagged Buffer Overflow). The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) indicates a network-reachable, low-complexity attack requiring only that the victim visit or render attacker-controlled content, resulting in high confidentiality impact through memory leakage. No active exploitation has been confirmed in CISA KEV and no public proof-of-concept has been identified at the time of analysis; Apple has released patched versions (26.5.2) across all affected platforms.

Apple Buffer Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43663 MEDIUM PATCH This Month

Memory corruption in Apple's WebKit-based web content processing allows an unauthenticated remote attacker to crash the affected process by luring a user to visit a maliciously crafted webpage. Affected platforms include Safari, iOS, iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog; impact is limited to availability (process crash) with no confirmed confidentiality or integrity exposure.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43707 MEDIUM PATCH This Month

Denial-of-service memory corruption in Apple's WebKit engine affects Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2, where processing maliciously crafted web content triggers an unexpected process crash. The CVSS vector scores only availability impact (A:H) with no confidentiality or integrity loss, indicating a crash rather than code execution. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.16%), consistent with a browser-rendering DoS reported internally by Apple rather than an actively exploited threat.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43731 HIGH PATCH This Week

Memory corruption via use-after-free in Apple's WebKit browser engine allows remote attackers to corrupt memory when a victim processes maliciously crafted web content on Safari, iOS/iPadOS, or macOS prior to 26.5.2. The CVSS 3.1 score of 8.8 reflects network-reachable exploitation requiring only that a user open a malicious page; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation typically serves as the initial stage of a browser-based attack chain (often paired with a sandbox escape) to achieve code execution in the renderer.

Memory Corruption Buffer Overflow Apple Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-43712 MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine (WebKit) causes a browser process crash when a user visits a maliciously crafted webpage, affecting Safari, iOS/iPadOS, and macOS Tahoe. All versions prior to the 26.5.2 releases across those platforms are affected, making this a broad-surface denial-of-service vulnerability against Apple's default browser ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the low attack complexity and zero-authentication requirement lower the bar for opportunistic abuse once a malicious page is visited.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43745 MEDIUM PATCH This Month

Safari's web content processing engine on iOS, iPadOS, and macOS Tahoe contains an out-of-bounds write (CWE-787) that causes an unexpected crash when rendering maliciously crafted web content. All Safari versions prior to 26.5.2 - and the underlying WebKit engine shipping with iOS/iPadOS and macOS Tahoe prior to 26.5.2 - are affected. Apple has released patched versions across all three platforms; no public exploit code or CISA KEV listing has been identified at time of analysis, and available impact is limited to a denial-of-service crash with no confirmed code execution path.

Memory Corruption Apple Buffer Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43705 HIGH PATCH This Week

Memory corruption via type confusion in Apple's WebKit browser engine allows attackers to corrupt memory by luring a victim to maliciously crafted web content, affecting Safari, iOS/iPadOS, and macOS before version 26.5.2. The flaw (CWE-843) is network-reachable but requires user interaction (visiting a page), and no public exploit has been identified at time of analysis. Apple has shipped patches across Safari 26.5.2, iOS/iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Memory Corruption Apple Buffer Overflow Ios And Ipados
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-43676 MEDIUM PATCH This Month

Out-of-bounds read in Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected are Safari prior to 26.5.2, iOS and iPadOS prior to 26.5.2, and macOS Tahoe prior to 26.5.2. An unauthenticated remote attacker (per PR:N/AV:N in the CVSS vector) can trigger a denial-of-service condition by enticing a user to visit a crafted page; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43718 MEDIUM PATCH This Month

Stack-based buffer overflow in Apple Safari's web content processing engine causes an unexpected application crash across Safari, iOS/iPadOS, and macOS Tahoe platforms. All versions prior to 26.5.2 are affected; an attacker can trigger the overflow by luring a victim to a maliciously crafted web page, resulting in a denial-of-service through a Safari crash. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, keeping real-world risk moderate despite the broad install base.

Buffer Overflow Apple Stack Overflow Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-28979 MEDIUM PATCH This Month

Out-of-bounds read in Apple's WebKit rendering engine crashes the browser process when parsing maliciously crafted web content, affecting Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The vulnerability requires only that a user visit or be redirected to an attacker-controlled page, making it trivially deliverable via phishing or malicious advertising. Impact is limited to a denial-of-service process crash per vendor disclosure; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43703 MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine crashes the rendering process across iOS, iPadOS, and macOS Tahoe when a user visits or opens maliciously crafted web content. All iOS and iPadOS versions prior to 26.5.2 and macOS Tahoe versions prior to 26.5.2 are affected per EUVD-2026-40185 and Apple's own advisories. No active exploitation is confirmed in CISA KEV and no public exploit code has been identified; however, the zero-privilege, low-complexity attack path makes denial-of-service accessible to any attacker who can deliver a malicious web page to a victim.

Apple Buffer Overflow Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43715 HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine (Safari and the system WebView on iOS, iPadOS, and macOS before 26.5.2) allows a remote attacker to corrupt process memory when a victim loads maliciously crafted web content. The flaw is a use-after-free (CWE-416) and carries a CVSS 8.8 with required user interaction; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Apple reported and patched it in coordinated releases on 2026 advisories.

Memory Corruption Buffer Overflow Apple Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-13592 MEDIUM POC This Month

Out-of-bounds write in CIPster's EtherNet/IP Message Handler exposes industrial automation devices to remote memory corruption through the BufWriter::append function. Unauthenticated remote attackers reachable on the EtherNet/IP network can send crafted protocol messages to corrupt adjacent memory, with potential for service disruption or, with further research, arbitrary code execution on embedded OT devices. A public proof-of-concept exploit (poc.zip) has been released, materially increasing risk for OT/ICS operators running this open-source CIP stack despite the moderate CVSS 4.0 score of 5.5.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-13590 LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote, unauthenticated attackers to corrupt heap memory by sending a crafted Modbus TCP packet containing a malformed `length` field to applications using the library's `pcpp::ModbusLayer::getLength()` parser. The CVSS 4.0 score of 2.9 reflects the high attack complexity (AC:H) required to exploit the flaw reliably, with impact capped at low across confidentiality, integrity, and availability. Publicly available exploit code exists (poc.zip), though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.4%
CVE-2026-13589 LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05's Telnet subnegotiation packet parser allows remote attackers to corrupt heap memory by sending a specially crafted Telnet subnegotiation packet to any application embedding this library. The flaw in `pcpp::TelnetLayer::getSubCommand` (Packet++/src/TelnetLayer.cpp) results in low-level confidentiality, integrity, and availability impact against the parsing process. A proof-of-concept exploit (poc.zip) is publicly available on GitHub, but no active exploitation has been confirmed via CISA KEV, and the high attack complexity (AC:H in the provided CVSS 4.0 vector) keeps the overall score at a low 2.9.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.6%
CVE-2026-13588 LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05's TLS Hello Handler allows remote unauthenticated attackers to trigger memory corruption via a crafted handshakeVersion argument in the SSLClientHelloMessage::getHandshakeVersion function of SSLHandshake.cpp. Successful exploitation requires high attack complexity, limiting practical impact, but a public proof-of-concept (poc.zip) has been disclosed via GitHub. This vulnerability is not confirmed in CISA KEV, and its CVSS 4.0 score of 2.9 reflects the constrained, low-impact nature of the flaw despite the public exploit availability.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.4%
CVE-2026-12912 HIGH PATCH This Week

Heap-based buffer overflow in libtiff's PixarLog codec decoder lets attackers crash or potentially execute code in any application that decodes a maliciously crafted PixarLog-compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format with a specific stride value. Any software linking libtiff for TIFF decoding is exposed, with impact ranging from denial of service to potential arbitrary code execution. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, so exploitation is theoretical rather than observed.

Heap Overflow Denial Of Service Buffer Overflow RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-9105 MEDIUM PATCH This Month

Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk.

TP-Link Buffer Overflow Stack Overflow Tl Wr841M V14
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2026-13587 LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote attackers to crash applications that parse attacker-controlled pcapng files via a crafted `captured_packet_length` value in the `parse_by_block_type` function of the LightPcapNg Parser. A publicly available proof-of-concept exploit (poc.zip) exists, though confirmed impact is limited to availability - application crash/denial-of-service - with no confidentiality or integrity impact indicated by the CVSS 4.0 vector. No active exploitation is confirmed, and no patch has been identified at time of analysis.

Heap Overflow Buffer Overflow Pcapplusplus
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.4%
CVE-2026-13583 HIGH POC This Week

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by sending an oversized ShareName or SelectName argument to the formUSBFolder handler at /goform/formUSBFolder. The flaw is reachable over the network and publicly available exploit code exists, though no active exploitation has been reported. Per the CVSS 4.0 vector it requires low-level authentication (PR:L) but yields full confidentiality, integrity, and availability impact on the device.

Buffer Overflow Ew 7478Apc
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-13582 HIGH POC This Week

Remote buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets an authenticated attacker corrupt memory through the formUSBAccount handler at /goform/formUSBAccount by supplying oversized UserName or Password values in a POST request, enabling likely code execution or device crash. The flaw is remotely reachable and publicly available exploit code exists (proof-of-concept, CVSS 4.0 base 7.4), though there is no public exploit identified as actively used in the wild. The vendor was notified but did not respond, so no fix is expected.

Buffer Overflow Ew 7478Apc
NVD VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13580 HIGH POC This Week

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. The vendor was notified but did not respond, and no patched firmware has been published.

Buffer Overflow Ew 7478Apc
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-13574 LOW POC Monitor

Heap-based buffer overflow in LLVM llvm-project through version 22.1.6 allows a local low-privilege attacker to crash affected LLVM tooling by supplying a crafted bitcode file that triggers an out-of-bounds heap write in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. The LLVM project was notified via a GitHub issue report but has not yet responded or released a patch. A proof-of-concept exploit has been publicly disclosed, and no active exploitation is confirmed in CISA KEV.

Heap Overflow Buffer Overflow Llvm Project
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-13573 LOW POC Monitor

Stack-based buffer overflow in LLVM's ValueSymbolTable module (llvm-project versions up to 22.1.6) allows a local, low-privileged attacker to crash the LLVM process by triggering a malformed invocation of llvm::StringMap::insert in /lib/IR/ValueSymbolTable.cpp, resulting in limited availability impact only - no confidentiality or integrity compromise is indicated by the CVSS 4.0 vector. A proof-of-concept exploit has been publicly released, lowering the barrier to triggering the crash in affected developer or CI/CD environments. No active exploitation has been confirmed by CISA KEV, and the LLVM project had not issued a patch or public response as of disclosure.

Buffer Overflow Stack Overflow Llvm Project
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-11979 LOW PATCH Monitor

Stack-based buffer overflows in libxml2's xmlcatalog utility enable memory corruption and potential arbitrary code execution when the tool is invoked in its interactive --shell mode. The usershell() function writes user-supplied input into fixed-size stack buffers (command, arg, argv) without any length validation, allowing overflow of adjacent stack memory including return addresses. Real-world risk is very low: exploitation requires local access, deliberate user invocation of a non-default shell mode, and an attack precondition - reflected in the CVSS 4.0 score of 1.8 - with no public exploit or active exploitation identified. Notably, libxml2 maintainers disputed the security classification, treating this as a bug rather than a vulnerability.

Buffer Overflow Stack Overflow RCE Libxml2
NVD VulDB
CVSS 4.0
1.8
EPSS
0.2%
CVE-2026-41992 MEDIUM PATCH This Month

Out-of-bounds read in GNU gzip's LZH decompression logic allows an unprivileged local attacker to disclose memory contents by supplying two specially crafted archives - an LZW file followed by an LZH file - in a single gzip -d invocation. The shared global decompression array, never reinitialized between files in the same process invocation, is poisoned by the LZW pass and subsequently causes the LZH decoder to read past the end of the allocated buffer, yielding high confidentiality impact per the CVSS 4.0 vector (VC:H). No public exploit or CISA KEV listing has been identified at time of analysis; the fix exists as an upstream source commit only, with no confirmed packaged release.

Buffer Overflow Gzip
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-13564 HIGH This Week

Stack-based buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory via an oversized pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup, potentially leading to crash or arbitrary code execution on the device. Publicly available exploit code exists, but there is no public exploit identified as actively used in the wild. The CVSS 4.0 vector indicates network reach with low privileges required (PR:L), and the vendor did not respond to disclosure, so no fix is available.

Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.8%
CVE-2026-13563 HIGH This Week

Stack-based buffer overflow in the Edimax EW-7478APC (firmware 1.04) wireless access point lets an authenticated remote attacker corrupt memory by sending an oversized L2TPUserName argument to the formL2TPSetup handler at /goform/formL2TPSetup. Publicly available exploit code exists, though it is not listed in CISA KEV and carries a CVSS 4.0 base score of 7.4. The vendor was notified but did not respond, leaving the flaw unpatched.

Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-13562 HIGH This Week

Memory corruption in the Edimax EW-7478APC wireless access point (firmware 1.04) lets a remote, low-privileged user overflow a buffer by submitting an oversized selSSID value to the /goform/formiNICSiteSurvey POST handler. Publicly available exploit code exists, and the vendor did not respond to disclosure, leaving deployed devices without an official fix. Successful exploitation can crash the device or potentially run attacker-controlled code on the embedded firmware; there is no public exploit identified as actively exploited (not in CISA KEV) and no EPSS score was provided.

Buffer Overflow
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2026-9267 MEDIUM This Month

Out-of-bounds read in Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 allows unauthenticated network attackers to crash memory-constrained IoT devices by sending a specially crafted Certificate handshake message during DTLS epoch 0. The vulnerable check_server_certificate() function omits buffer length validation before uint24 reads, memcmp, and memcpy operations, enabling reads beyond valid buffer boundaries on both client and server code paths. No public exploit code or active exploitation has been identified at time of analysis; however, the unauthenticated, network-reachable nature makes this straightforward to trigger against any exposed tinydtls endpoint.

Denial Of Service Buffer Overflow Information Disclosure Eclipse Tinydtls
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-57965 MEDIUM This Month

Integer overflow in spice-vdagent's message parsing allows a malicious or compromised SPICE host to crash the guest VM's vdagent daemon by delivering a specially crafted message that triggers a downstream heap buffer overflow. Affected deployments span spice-vdagent as packaged in Red Hat Enterprise Linux 6 through 10, where the daemon runs inside guests handling host-to-guest SPICE protocol communications. No public exploit code or CISA KEV listing exists at time of analysis; exploitation is structurally constrained by the requirement that the attacking SPICE host itself be untrusted or already compromised prior to the attack.

Integer Overflow Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
5.1
EPSS
0.1%
CVE-2026-13539 HIGH POC PATCH This Week

Stack-based buffer overflow in the Wavlink WL-NU516U1-A wireless range extender (firmware M16U1_V240425) lets a remote, low-privileged attacker corrupt memory by sending an oversized Guest_ssid POST parameter to the sub_407504 function in /cgi-bin/wireless.cgi. The flaw was reported by VulDB, publicly available exploit code exists, and it carries a CVSS 4.0 base score of 7.4; there is no evidence of active exploitation in CISA KEV at this time.

Buffer Overflow Stack Overflow Wl Nu516U1 A
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13522 LOW Monitor

Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.

Buffer Overflow Information Disclosure Slimpdfreader
NVD VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-13519 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via the 'page' parameter handled by the fromNatStaticSetting function at the /goform/NatStaticSetting endpoint. Publicly available exploit code exists, and the CVSS 4.0 vector (PR:L) indicates an authenticated user on the device's web interface can trigger high confidentiality, integrity and availability impact. There is no public exploit identified as actively used in the wild - exploitation is proof-of-concept only at this time.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13516 HIGH This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote, low-privileged attackers corrupt memory by supplying an oversized shareSpeed value to the fromSetWifiGusetBasic handler at /goform/WifiGuestSet, enabling denial of service and potential remote code execution on the device. Publicly available exploit code exists, though there is no public exploit identified as actively used in the wild. The EPSS-style risk is moderate per the CVSS 4.0 base score of 7.4 (HIGH), and CISA KEV does not list it.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13515 HIGH This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory by sending an oversized startIp argument to the formSetPPTPServer handler at /goform/SetPptpServerCfg, potentially achieving denial of service or arbitrary code execution on the device. The flaw is reachable over the network and publicly available exploit code exists, though it is not listed in CISA KEV and the CVSS 4.0 vector indicates low-privilege (authenticated) access is required. EPSS data was not provided, so widespread automated exploitation cannot be confirmed.

Tenda Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13518 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by manipulating the 'page' parameter handled by the fromAddressNat function at the /goform/addressNat endpoint, potentially achieving code execution or device crash. Publicly available exploit code exists and the issue was disclosed by VulDB, though there is no public exploit identified as actively exploited in the wild. With a CVSS 4.0 base score of 7.4 and PR:L, exploitation requires some level of authenticated access to the web management interface.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-13517 HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. There is no public exploit identified as actively exploited in CISA KEV, and the EPSS score was not provided.

Buffer Overflow Tenda Stack Overflow Jd12L
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.5%
CVE-2026-51219 MEDIUM This Month

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Denial Of Service Buffer Overflow N A Heap Overflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-51218 MEDIUM This Month

Heap buffer overflow in snap7 v1.4.3 crashes the embedded S7 server when processing a specially crafted write function packet targeting TS7Worker::PerformFunctionWrite() in /core/s7_server.cpp. Systems deploying snap7 as an S7-compatible communication server - common in industrial SCADA, HMI, and IoT gateway applications bridging to Siemens S7-series PLCs - can be disrupted remotely with no privileges required per the CVSS PR:N designation. No public exploit identified at time of analysis, and the EPSS score of 0.19% (8th percentile) reflects minimal current exploitation activity; however, operational impact in OT environments can exceed what the CVSS Availability score alone suggests.

Heap Overflow Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-51221 HIGH This Week

Denial of service in EIPStackGroup OpENer (commit 76b95c), an open-source EtherNet/IP stack, allows remote attackers to crash the device by sending a crafted Common Packet Format (CPF) packet that triggers a buffer overflow in the Get_Attribute_List handler. The flaw is network-reachable without authentication or user interaction (CVSS 7.5, availability-only impact), and SSVC indicates proof-of-concept exploit code exists and that exploitation is automatable. EPSS is low (0.17%, 7th percentile) and the CVE is not on CISA KEV, so there is no public evidence of active exploitation yet.

Authentication Bypass Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-10646 HIGH PATCH This Week

Memory corruption and denial of service in Zephyr RTOS (v4.0.0 through v4.4.0) arises in the BSD-sockets getaddrinfo() implementation, where a timed-out DNS query is retried without cancelling the prior query, leaving a callback holding a pointer into a stack frame that goes out of scope after getaddrinfo() returns. A network-delivered DNS response matched by its spoofable 16-bit transaction id, or the resolver's own delayed timeout work, then writes through that stale pointer, enabling crashes or reused-stack corruption. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; exploitation is gated by a timing/race window reflected in CVSS AC:H.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.3%
CVE-2026-10644 LOW PATCH Monitor

Out-of-bounds write in Zephyr RTOS's Microchip SERCOM-G1 UART driver (introduced in v4.4.0) allows an adjacent attacker who can send serial data to corrupt one byte of memory immediately beyond the caller-supplied RX buffer, potentially causing a crash or denial of service. The flaw exists only when CONFIG_UART_MCHP_ASYNC is enabled (non-default on in-tree PIC32CM-JH board configs) and the consuming application calls uart_rx_enable() with a one-byte buffer - a narrow but real embedded firmware scenario. No exploit code is publicly available and this vulnerability is not listed in CISA KEV; the upstream fix has been committed but a tagged patched release version has not been independently confirmed.

Memory Corruption Denial Of Service Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.1%
CVE-2026-58050 HIGH POC PATCH This Week

Heap buffer overflow in the libssh2 SSH client library (all versions through 1.11.1) lets a malicious or compromised SSH server corrupt memory in any connecting client on 32-bit platforms. The publickey subsystem reads an attacker-supplied 32-bit attribute count and multiplies it by the attribute structure size without bounds checking, so the allocation integer-overflows to an undersized buffer that the parsing loop then writes past. Publicly available exploit code exists; this is a CWE-190 integer overflow with no public exploit identified in CISA KEV, so it is not confirmed actively exploited.

Integer Overflow Buffer Overflow Libssh2
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-58049 HIGH POC PATCH This Week

Out-of-bounds heap write in FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) allows attackers to corrupt memory when libavcodec decodes a crafted stream using the RASC FourCC. The decoder performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates DLTA regions in pixel rather than byte units, letting a DLTA run on a PAL8 frame write and read several bytes past the row allocation. Publicly available exploit code exists (reported by VulnCheck); no public active exploitation has been identified at time of analysis.

Memory Corruption Buffer Overflow Ffmpeg
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2026-10643 HIGH PATCH This Week

Out-of-bounds heap write in the Zephyr RTOS IP socket stack (recvmsg/insert_pktinfo) lets an unprivileged local userspace thread corrupt kernel-heap memory on builds using CONFIG_USERSPACE. Affecting Zephyr v3.6.0 through v4.4.0, the flaw is triggered when an application calls recvmsg() with an undersized ancillary (msg_control) buffer on a UDP/IP socket that has IP_PKTINFO/IPV6_RECVPKTINFO (or hoplimit/timestamping) enabled and a datagram arrives. There is no public exploit identified at time of analysis and EPSS is low (0.12%), but the memory-corruption primitive gives full C/I/A impact locally.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-49416 HIGH This Week

Local privilege escalation in the FreeBSD kernel's vt(4) console driver stems from an integer overflow in the CONS_HISTORY ioctl handler, where an unvalidated history-size value undersizes a heap allocation and a subsequent buffer initialization writes past its end. Any unprivileged local user with access to a vt(4) terminal device can corrupt kernel heap memory and potentially escalate to root. Exploitation is local (PR:L) with no public exploit identified at time of analysis and a low EPSS of 0.18% (8th percentile).

Integer Overflow Buffer Overflow Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49414 HIGH This Week

Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).

Buffer Overflow Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-45258 HIGH This Week

Local privilege escalation in the FreeBSD kernel sound subsystem lets an unprivileged user map kernel memory outside the audio buffer via an integer-overflow flaw in dsp_mmap_single(). Because /dev/dsp device nodes are world-accessible by default, any local user on a system with an audio device can read and write arbitrary kernel memory, enabling full system compromise or a kernel panic (DoS). No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile), and FreeBSD has released errata patches.

Denial Of Service Buffer Overflow Information Disclosure Freebsd
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-46604 Go HIGH PATCH This Week

Denial of service in the Go golang.org/x/image/tiff decoder allows remote attackers to crash any application that parses untrusted TIFF images. A maliciously crafted image with an out-of-bounds strip offset triggers a panic in the decoder, terminating the goroutine or process (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating no observed mass exploitation, but the bug is trivially triggerable wherever the library decodes attacker-supplied images.

Buffer Overflow Golang Org X Image Tiff Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-48770 MEDIUM PATCH This Month

Notepad++ versions prior to 8.9.6.1 can be crashed by any local process sharing the same interactive Windows session via a malformed WM_COPYDATA message. The COPYDATA_FULL_CMDLINE handler in NppBigSwitch.cpp dereferences COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* without validating against the COPYDATASTRUCT.cbData length field, enabling an out-of-bounds read that results in process termination. No active exploitation has been confirmed (no CISA KEV listing, no public POC), and the fix is available in the vendor-released patch 8.9.6.1.

Microsoft Buffer Overflow Information Disclosure Notepad Plus Plus
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.3%
CVE-2026-53303 HIGH PATCH This Week

Out-of-bounds read (CWE-125) in the Linux kernel F2FS filesystem lets a local user trigger inconsistent access to the mount extension list by racing a sysfs read against a concurrent update. The f2fs_sbi_show() handler reads extension_list, extension_count and hot_ext_count without holding sbi->sb_lock, so a simultaneous f2fs_update_extension_list() store can yield a mismatched count/array pair and drive an out-of-bounds read that leaks stale kernel data or crashes the system. No public exploit identified at time of analysis; EPSS is low (0.17%, 7th percentile) and the issue is not in CISA KEV.

Linux Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-53300 HIGH PATCH This Week

Local memory corruption in the Linux kernel's NXP ENETC (enetc) network driver stems from a DMA use-after-free in the NTMP command path: when netc_xmit_ntmp_cmd() times out, the pending hardware command is not aborted yet ntmp_free_data_mem() frees the associated DMA buffer, so the device later DMA-writes its response into the freed (possibly reallocated) physical address, producing silent kernel memory corruption. Only systems running NXP ENETC networking hardware on kernels from 6.16 through the fixed stable releases are affected. There is no public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.17%, 6th percentile).

Linux Buffer Overflow Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) but no authentication, and the flaw carries a CVSS 8.8 with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and EPSS is low (0.30%, 22nd percentile), indicating no evidence of widespread exploitation despite the high CVSS.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's Codecs component (prior to 150.0.7871.47) enables remote attackers to leak sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS C:H rating reflects meaningful exposure of in-process data such as session tokens or credentials, though Chromium's own team assessed this as Medium severity, and the sandbox boundary (S:U) limits blast radius to the renderer. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in the Chromecast component of Google Chrome prior to 150.0.7871.47 enables a remote attacker, who has already achieved renderer process compromise, to exfiltrate potentially sensitive data from process memory via a crafted HTML page. This is a second-stage, chained vulnerability - it cannot be exploited in isolation and requires a prior renderer compromise as a prerequisite. Google has released a patch in Chrome 150.0.7871.47; no public exploit code or CISA KEV listing has been identified at time of analysis.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Layout engine prior to 150.0.7871.47 allows remote attackers to leak potentially sensitive data from the renderer process memory by serving a crafted HTML page. User interaction is required - the victim must visit the malicious page - limiting automated mass exploitation. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation status as none with partial technical impact, placing real-world urgency below what the CVSS 6.5 score alone might suggest.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's bundled FFmpeg video decoding component (all versions prior to 150.0.7871.47) allows a remote attacker to leak renderer process memory contents via a crafted video file. The CVSS vector confirms network reachability with no required privileges (PR:N) but mandates user interaction (UI:R), meaning the victim must process the malicious video. SSVC assessment rates exploitation as none and the attack non-automatable, and no public exploit has been identified at time of analysis; Google has released a patched build at 150.0.7871.47.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read/write (use-after-free) in Google Chrome's GPU component lets a remote attacker who has already compromised the renderer process run arbitrary code - though still confined inside the sandbox - by serving a crafted HTML page to a Chrome build prior to 150.0.7871.47. Google rates the Chromium severity High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and EPSS puts near-term exploitation probability at just 0.26%.

Memory Corruption Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out of bounds read in Skia in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 stems from a heap buffer overflow in the Chromecast component, letting an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6, but it is a second-stage bug requiring prior renderer control, and there is no public exploit identified at time of analysis (SSVC exploitation: none, EPSS 0.22%). No CISA KEV listing exists, indicating no confirmed active exploitation.

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Chromecast component before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page, escalating from renderer-level code execution to the more privileged browser process. Google rates the Chromium severity High and the CVSS is 9.6 due to the scope change; however, EPSS is only 0.21% (11th percentile) and there is no public exploit identified at time of analysis. A vendor patch is available.

Buffer Overflow Google Suse
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the msgpack-python serialization library (versions prior to 1.2.1) lets remote attackers crash a process via an out-of-bounds read when an application reuses an Unpacker instance after a previously raised error was caught. Sending malformed MessagePack data that triggers an error, then feeding further data to the same Unpacker, can drive the process to a SEGV. No public exploit has been identified at time of analysis, and EPSS data was not provided, but the CVSS 3.1 score of 7.5 (availability-only) reflects a straightforward, unauthenticated crash condition.

Memory Corruption Python Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote, unauthenticated attacker crash the device by triggering a buffer overflow in the gohead web-service function sub_416f28 (FUN_00416f28). Publicly available exploit code exists (referenced PoC on GitHub), though the flaw is not listed in CISA KEV and EPSS scores it at just 0.22% (13th percentile), indicating low observed exploitation activity. Impact is limited to availability - no code execution or data exposure is claimed in the source data.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Heap buffer out-of-bounds read in ImageMagick before 7.1.2-19 via off-by-one error in morphology validation allows local attackers with user interaction to trigger denial of service. The vulnerability stems from incorrect morphology parameters causing single pixel memory access violations within heap buffers, potentially leading to application crashes or information disclosure through controlled reads of adjacent heap memory.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Use-after-free in Zephyr's asynchronous SNTP client (sntp_close_async, v4.2.0-v4.4.0) can be triggered remotely by any network peer or off-path attacker capable of dropping or delaying UDP NTP responses, exploiting a race between the system workqueue thread and the socket-service poll thread. The most probable outcome is a crash of the networking subsystem thread (denial of service); where the freed net_context pool slot is rapidly reallocated, memory corruption is possible. The vulnerability is on the normal SNTP timeout path, making it reliably and periodically triggerable when NET_CONFIG_SNTP_INIT_RESYNC is enabled. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS DNS resolver (subsys/net/lib/dns) lets a malicious, spoofed, or on-path DNS server - or any LAN node when mDNS/LLMNR is enabled - return crafted truncated TXT or SRV records that leak residual receive-pool memory to the application, and in some configurations crash the device. It affects Zephyr v4.3.0 and v4.4.0; the SSVC framework records a proof-of-concept, so publicly available exploit code exists, though EPSS is low (0.20%, 10th percentile) and there is no public evidence of active exploitation. The disclosed data is bounded (~64 bytes for TXT, ~6 for SRV) and read-only, but can expose stale contents of prior DNS packets.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Memory-corruption weaknesses in Mozilla Firefox 152.0.3 could allow remote attackers to potentially execute arbitrary code within the browser process. Mozilla graded the collected memory-safety bugs as critical (MFSA2026-62) and states some showed evidence of memory corruption that, with sufficient effort, could be exploited for code execution; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile). The issue is resolved in Firefox 152.0.4.

Memory Corruption Mozilla Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.

Citrix Information Disclosure Buffer Overflow +2
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Hostapd
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.

Citrix Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3 v3.2.7-210919-161313) allows a remote, unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead web-service handler at function sub_472f08 (FUN_00472f08). The CVSS 3.1 score of 7.5 reflects availability-only impact (A:H, C:N/I:N) over the network with no privileges or user interaction. EPSS is low (0.22%, 13th percentile) and the CVE is not in CISA KEV; a third-party technical write-up exists on GitHub, but no active exploitation is confirmed.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

USB CDC-NCM network driver in Zephyr RTOS through v4.4.0 permanently deadlocks the shared network egress thread when a USB bus suspend coincides with outbound device traffic, requiring a reboot to recover. The defect in `cdc_ncm_send()` ignores the return value of `usbd_ep_enqueue()` and unconditionally blocks on a completion semaphore that only the (never-fired) bulk-IN ISR can signal - halting not just CDC-NCM traffic but all egress on other interfaces sharing the TX thread. No public exploit code or active exploitation has been identified; the trigger is routine USB host power management, making this an availability risk for any embedded Zephyr device using USB virtual Ethernet.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory corruption (CWE-119) in Apple Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected across Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service against any user who visits a hostile page, though no code execution is indicated by current data. No public exploit code and no CISA KEV listing are identified at time of analysis; exploitation probability (EPSS) was not provided in source data.

Apple Buffer Overflow Ios And Ipados
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Processing maliciously crafted web content in Apple Safari, iOS/iPadOS, and macOS Tahoe (all versions prior to 26.5.2) triggers an improper memory handling flaw (CWE-119 buffer overflow) in the web content processing pipeline, resulting in an unexpected process crash. The attack vector is network-based requiring user interaction (UI:R per CVSS), and impact is confined to availability - no confidentiality or integrity compromise is described. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari, iOS/iPadOS, and macOS Tahoe expose process memory when the browser engine processes maliciously crafted web content, rooted in a CWE-119 improper memory buffer restriction (tagged Buffer Overflow). The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) indicates a network-reachable, low-complexity attack requiring only that the victim visit or render attacker-controlled content, resulting in high confidentiality impact through memory leakage. No active exploitation has been confirmed in CISA KEV and no public proof-of-concept has been identified at the time of analysis; Apple has released patched versions (26.5.2) across all affected platforms.

Apple Buffer Overflow Ios And Ipados
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory corruption in Apple's WebKit-based web content processing allows an unauthenticated remote attacker to crash the affected process by luring a user to visit a maliciously crafted webpage. Affected platforms include Safari, iOS, iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog; impact is limited to availability (process crash) with no confirmed confidentiality or integrity exposure.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service memory corruption in Apple's WebKit engine affects Safari, iOS/iPadOS, and macOS Tahoe before version 26.5.2, where processing maliciously crafted web content triggers an unexpected process crash. The CVSS vector scores only availability impact (A:H) with no confidentiality or integrity loss, indicating a crash rather than code execution. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.16%), consistent with a browser-rendering DoS reported internally by Apple rather than an actively exploited threat.

Apple Buffer Overflow Ios And Ipados
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption via use-after-free in Apple's WebKit browser engine allows remote attackers to corrupt memory when a victim processes maliciously crafted web content on Safari, iOS/iPadOS, or macOS prior to 26.5.2. The CVSS 3.1 score of 8.8 reflects network-reachable exploitation requiring only that a user open a malicious page; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation typically serves as the initial stage of a browser-based attack chain (often paired with a sandbox escape) to achieve code execution in the renderer.

Memory Corruption Buffer Overflow Apple +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine (WebKit) causes a browser process crash when a user visits a maliciously crafted webpage, affecting Safari, iOS/iPadOS, and macOS Tahoe. All versions prior to the 26.5.2 releases across those platforms are affected, making this a broad-surface denial-of-service vulnerability against Apple's default browser ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the low attack complexity and zero-authentication requirement lower the bar for opportunistic abuse once a malicious page is visited.

Apple Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Safari's web content processing engine on iOS, iPadOS, and macOS Tahoe contains an out-of-bounds write (CWE-787) that causes an unexpected crash when rendering maliciously crafted web content. All Safari versions prior to 26.5.2 - and the underlying WebKit engine shipping with iOS/iPadOS and macOS Tahoe prior to 26.5.2 - are affected. Apple has released patched versions across all three platforms; no public exploit code or CISA KEV listing has been identified at time of analysis, and available impact is limited to a denial-of-service crash with no confirmed code execution path.

Memory Corruption Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption via type confusion in Apple's WebKit browser engine allows attackers to corrupt memory by luring a victim to maliciously crafted web content, affecting Safari, iOS/iPadOS, and macOS before version 26.5.2. The flaw (CWE-843) is network-reachable but requires user interaction (visiting a page), and no public exploit has been identified at time of analysis. Apple has shipped patches across Safari 26.5.2, iOS/iPadOS 26.5.2, and macOS Tahoe 26.5.2.

Memory Corruption Apple Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Safari's web content processing engine causes an unexpected application crash when rendering maliciously crafted web content. Affected are Safari prior to 26.5.2, iOS and iPadOS prior to 26.5.2, and macOS Tahoe prior to 26.5.2. An unauthenticated remote attacker (per PR:N/AV:N in the CVSS vector) can trigger a denial-of-service condition by enticing a user to visit a crafted page; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stack-based buffer overflow in Apple Safari's web content processing engine causes an unexpected application crash across Safari, iOS/iPadOS, and macOS Tahoe platforms. All versions prior to 26.5.2 are affected; an attacker can trigger the overflow by luring a victim to a maliciously crafted web page, resulting in a denial-of-service through a Safari crash. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, keeping real-world risk moderate despite the broad install base.

Buffer Overflow Apple Stack Overflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Apple's WebKit rendering engine crashes the browser process when parsing maliciously crafted web content, affecting Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2. The vulnerability requires only that a user visit or be redirected to an attacker-controlled page, making it trivially deliverable via phishing or malicious advertising. Impact is limited to a denial-of-service process crash per vendor disclosure; no public exploit or CISA KEV listing has been identified at time of analysis.

Apple Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Apple's web content processing engine crashes the rendering process across iOS, iPadOS, and macOS Tahoe when a user visits or opens maliciously crafted web content. All iOS and iPadOS versions prior to 26.5.2 and macOS Tahoe versions prior to 26.5.2 are affected per EUVD-2026-40185 and Apple's own advisories. No active exploitation is confirmed in CISA KEV and no public exploit code has been identified; however, the zero-privilege, low-complexity attack path makes denial-of-service accessible to any attacker who can deliver a malicious web page to a victim.

Apple Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Apple's WebKit browser engine (Safari and the system WebView on iOS, iPadOS, and macOS before 26.5.2) allows a remote attacker to corrupt process memory when a victim loads maliciously crafted web content. The flaw is a use-after-free (CWE-416) and carries a CVSS 8.8 with required user interaction; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though Apple reported and patched it in coordinated releases on 2026 advisories.

Memory Corruption Buffer Overflow Apple +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Out-of-bounds write in CIPster's EtherNet/IP Message Handler exposes industrial automation devices to remote memory corruption through the BufWriter::append function. Unauthenticated remote attackers reachable on the EtherNet/IP network can send crafted protocol messages to corrupt adjacent memory, with potential for service disruption or, with further research, arbitrary code execution on embedded OT devices. A public proof-of-concept exploit (poc.zip) has been released, materially increasing risk for OT/ICS operators running this open-source CIP stack despite the moderate CVSS 4.0 score of 5.5.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote, unauthenticated attackers to corrupt heap memory by sending a crafted Modbus TCP packet containing a malformed `length` field to applications using the library's `pcpp::ModbusLayer::getLength()` parser. The CVSS 4.0 score of 2.9 reflects the high attack complexity (AC:H) required to exploit the flaw reliably, with impact capped at low across confidentiality, integrity, and availability. Publicly available exploit code exists (poc.zip), though no active exploitation has been confirmed by CISA KEV at time of analysis.

Buffer Overflow
NVD GitHub VulDB
EPSS 1% CVSS 2.9
LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05's Telnet subnegotiation packet parser allows remote attackers to corrupt heap memory by sending a specially crafted Telnet subnegotiation packet to any application embedding this library. The flaw in `pcpp::TelnetLayer::getSubCommand` (Packet++/src/TelnetLayer.cpp) results in low-level confidentiality, integrity, and availability impact against the parsing process. A proof-of-concept exploit (poc.zip) is publicly available on GitHub, but no active exploitation has been confirmed via CISA KEV, and the high attack complexity (AC:H in the provided CVSS 4.0 vector) keeps the overall score at a low 2.9.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05's TLS Hello Handler allows remote unauthenticated attackers to trigger memory corruption via a crafted handshakeVersion argument in the SSLClientHelloMessage::getHandshakeVersion function of SSLHandshake.cpp. Successful exploitation requires high attack complexity, limiting practical impact, but a public proof-of-concept (poc.zip) has been disclosed via GitHub. This vulnerability is not confirmed in CISA KEV, and its CVSS 4.0 score of 2.9 reflects the constrained, low-impact nature of the flaw despite the public exploit availability.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Heap-based buffer overflow in libtiff's PixarLog codec decoder lets attackers crash or potentially execute code in any application that decodes a maliciously crafted PixarLog-compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format with a specific stride value. Any software linking libtiff for TIFF decoding is exposed, with impact ranging from denial of service to potential arbitrary code execution. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, so exploitation is theoretical rather than observed.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk.

TP-Link Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote attackers to crash applications that parse attacker-controlled pcapng files via a crafted `captured_packet_length` value in the `parse_by_block_type` function of the LightPcapNg Parser. A publicly available proof-of-concept exploit (poc.zip) exists, though confirmed impact is limited to availability - application crash/denial-of-service - with no confidentiality or integrity impact indicated by the CVSS 4.0 vector. No active exploitation is confirmed, and no patch has been identified at time of analysis.

Heap Overflow Buffer Overflow Pcapplusplus
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory by sending an oversized ShareName or SelectName argument to the formUSBFolder handler at /goform/formUSBFolder. The flaw is reachable over the network and publicly available exploit code exists, though no active exploitation has been reported. Per the CVSS 4.0 vector it requires low-level authentication (PR:L) but yields full confidentiality, integrity, and availability impact on the device.

Buffer Overflow Ew 7478Apc
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets an authenticated attacker corrupt memory through the formUSBAccount handler at /goform/formUSBAccount by supplying oversized UserName or Password values in a POST request, enabling likely code execution or device crash. The flaw is remotely reachable and publicly available exploit code exists (proof-of-concept, CVSS 4.0 base 7.4), though there is no public exploit identified as actively used in the wild. The vendor was notified but did not respond, so no fix is expected.

Buffer Overflow Ew 7478Apc
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers overflow a buffer by manipulating the selSSID parameter in a POST request to the /goform/formQoS endpoint, potentially crashing the device or executing code on it. The flaw is network-reachable and publicly available exploit code exists (disclosed via VulDB and a Notion writeup), but it is not listed in CISA KEV and no active exploitation has been confirmed. The vendor was notified but did not respond, and no patched firmware has been published.

Buffer Overflow Ew 7478Apc
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in LLVM llvm-project through version 22.1.6 allows a local low-privilege attacker to crash affected LLVM tooling by supplying a crafted bitcode file that triggers an out-of-bounds heap write in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. The LLVM project was notified via a GitHub issue report but has not yet responded or released a patch. A proof-of-concept exploit has been publicly disclosed, and no active exploitation is confirmed in CISA KEV.

Heap Overflow Buffer Overflow Llvm Project
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Stack-based buffer overflow in LLVM's ValueSymbolTable module (llvm-project versions up to 22.1.6) allows a local, low-privileged attacker to crash the LLVM process by triggering a malformed invocation of llvm::StringMap::insert in /lib/IR/ValueSymbolTable.cpp, resulting in limited availability impact only - no confidentiality or integrity compromise is indicated by the CVSS 4.0 vector. A proof-of-concept exploit has been publicly released, lowering the barrier to triggering the crash in affected developer or CI/CD environments. No active exploitation has been confirmed by CISA KEV, and the LLVM project had not issued a patch or public response as of disclosure.

Buffer Overflow Stack Overflow Llvm Project
NVD VulDB GitHub
EPSS 0% CVSS 1.8
LOW PATCH Monitor

Stack-based buffer overflows in libxml2's xmlcatalog utility enable memory corruption and potential arbitrary code execution when the tool is invoked in its interactive --shell mode. The usershell() function writes user-supplied input into fixed-size stack buffers (command, arg, argv) without any length validation, allowing overflow of adjacent stack memory including return addresses. Real-world risk is very low: exploitation requires local access, deliberate user invocation of a non-default shell mode, and an attack precondition - reflected in the CVSS 4.0 score of 1.8 - with no public exploit or active exploitation identified. Notably, libxml2 maintainers disputed the security classification, treating this as a bug rather than a vulnerability.

Buffer Overflow Stack Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in GNU gzip's LZH decompression logic allows an unprivileged local attacker to disclose memory contents by supplying two specially crafted archives - an LZW file followed by an LZH file - in a single gzip -d invocation. The shared global decompression array, never reinitialized between files in the same process invocation, is poisoned by the LZW pass and subsequently causes the LZH decoder to read past the end of the allocated buffer, yielding high confidentiality impact per the CVSS 4.0 vector (VC:H). No public exploit or CISA KEV listing has been identified at time of analysis; the fix exists as an upstream source commit only, with no confirmed packaged release.

Buffer Overflow Gzip
NVD VulDB
EPSS 1% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in the Edimax EW-7478APC wireless access point (firmware 1.04) lets remote attackers corrupt memory via an oversized pppUserName parameter sent to the formPPPoESetup handler at /goform/formPPPoESetup, potentially leading to crash or arbitrary code execution on the device. Publicly available exploit code exists, but there is no public exploit identified as actively used in the wild. The CVSS 4.0 vector indicates network reach with low privileges required (PR:L), and the vendor did not respond to disclosure, so no fix is available.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in the Edimax EW-7478APC (firmware 1.04) wireless access point lets an authenticated remote attacker corrupt memory by sending an oversized L2TPUserName argument to the formL2TPSetup handler at /goform/formL2TPSetup. Publicly available exploit code exists, though it is not listed in CISA KEV and carries a CVSS 4.0 base score of 7.4. The vendor was notified but did not respond, leaving the flaw unpatched.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Memory corruption in the Edimax EW-7478APC wireless access point (firmware 1.04) lets a remote, low-privileged user overflow a buffer by submitting an oversized selSSID value to the /goform/formiNICSiteSurvey POST handler. Publicly available exploit code exists, and the vendor did not respond to disclosure, leaving deployed devices without an official fix. Successful exploitation can crash the device or potentially run attacker-controlled code on the embedded firmware; there is no public exploit identified as actively exploited (not in CISA KEV) and no EPSS score was provided.

Buffer Overflow
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Out-of-bounds read in Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 allows unauthenticated network attackers to crash memory-constrained IoT devices by sending a specially crafted Certificate handshake message during DTLS epoch 0. The vulnerable check_server_certificate() function omits buffer length validation before uint24 reads, memcmp, and memcpy operations, enabling reads beyond valid buffer boundaries on both client and server code paths. No public exploit code or active exploitation has been identified at time of analysis; however, the unauthenticated, network-reachable nature makes this straightforward to trigger against any exposed tinydtls endpoint.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Integer overflow in spice-vdagent's message parsing allows a malicious or compromised SPICE host to crash the guest VM's vdagent daemon by delivering a specially crafted message that triggers a downstream heap buffer overflow. Affected deployments span spice-vdagent as packaged in Red Hat Enterprise Linux 6 through 10, where the daemon runs inside guests handling host-to-guest SPICE protocol communications. No public exploit code or CISA KEV listing exists at time of analysis; exploitation is structurally constrained by the requirement that the attacking SPICE host itself be untrusted or already compromised prior to the attack.

Integer Overflow Denial Of Service Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Stack-based buffer overflow in the Wavlink WL-NU516U1-A wireless range extender (firmware M16U1_V240425) lets a remote, low-privileged attacker corrupt memory by sending an oversized Guest_ssid POST parameter to the sub_407504 function in /cgi-bin/wireless.cgi. The flaw was reported by VulDB, publicly available exploit code exists, and it carries a CVSS 4.0 base score of 7.4; there is no evidence of active exploitation in CISA KEV at this time.

Buffer Overflow Stack Overflow Wl Nu516U1 A
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Out-of-bounds read in Investintech SlimPDFReader through version 2.0.14 exposes users to application crashes when processing maliciously crafted PDF files, exploitable remotely with passive user interaction. The vulnerable function `SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0` within `SlimPDFReader.exe` fails to validate buffer boundaries during PDF parsing, resulting in a low-severity availability impact (application crash/DoS) with no confirmed confidentiality or integrity effect despite the 'Information Disclosure' tag in source metadata. No public exploit identified at time of analysis beyond the CVSS 4.0 E:P maturity indicator, and no patch will ever be released as the product is confirmed end-of-life.

Buffer Overflow Information Disclosure Slimpdfreader
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via the 'page' parameter handled by the fromNatStaticSetting function at the /goform/NatStaticSetting endpoint. Publicly available exploit code exists, and the CVSS 4.0 vector (PR:L) indicates an authenticated user on the device's web interface can trigger high confidentiality, integrity and availability impact. There is no public exploit identified as actively used in the wild - exploitation is proof-of-concept only at this time.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote, low-privileged attackers corrupt memory by supplying an oversized shareSpeed value to the fromSetWifiGusetBasic handler at /goform/WifiGuestSet, enabling denial of service and potential remote code execution on the device. Publicly available exploit code exists, though there is no public exploit identified as actively used in the wild. The EPSS-style risk is moderate per the CVSS 4.0 base score of 7.4 (HIGH), and CISA KEV does not list it.

Tenda Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory by sending an oversized startIp argument to the formSetPPTPServer handler at /goform/SetPptpServerCfg, potentially achieving denial of service or arbitrary code execution on the device. The flaw is reachable over the network and publicly available exploit code exists, though it is not listed in CISA KEV and the CVSS 4.0 vector indicates low-privilege (authenticated) access is required. EPSS data was not provided, so widespread automated exploitation cannot be confirmed.

Tenda Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by manipulating the 'page' parameter handled by the fromAddressNat function at the /goform/addressNat endpoint, potentially achieving code execution or device crash. Publicly available exploit code exists and the issue was disclosed by VulDB, though there is no public exploit identified as actively exploited in the wild. With a CVSS 4.0 base score of 7.4 and PR:L, exploitation requires some level of authenticated access to the web management interface.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. There is no public exploit identified as actively exploited in CISA KEV, and the EPSS score was not provided.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Denial Of Service Buffer Overflow N A +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in snap7 v1.4.3 crashes the embedded S7 server when processing a specially crafted write function packet targeting TS7Worker::PerformFunctionWrite() in /core/s7_server.cpp. Systems deploying snap7 as an S7-compatible communication server - common in industrial SCADA, HMI, and IoT gateway applications bridging to Siemens S7-series PLCs - can be disrupted remotely with no privileges required per the CVSS PR:N designation. No public exploit identified at time of analysis, and the EPSS score of 0.19% (8th percentile) reflects minimal current exploitation activity; however, operational impact in OT environments can exceed what the CVSS Availability score alone suggests.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in EIPStackGroup OpENer (commit 76b95c), an open-source EtherNet/IP stack, allows remote attackers to crash the device by sending a crafted Common Packet Format (CPF) packet that triggers a buffer overflow in the Get_Attribute_List handler. The flaw is network-reachable without authentication or user interaction (CVSS 7.5, availability-only impact), and SSVC indicates proof-of-concept exploit code exists and that exploitation is automatable. EPSS is low (0.17%, 7th percentile) and the CVE is not on CISA KEV, so there is no public evidence of active exploitation yet.

Authentication Bypass Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Memory corruption and denial of service in Zephyr RTOS (v4.0.0 through v4.4.0) arises in the BSD-sockets getaddrinfo() implementation, where a timed-out DNS query is retried without cancelling the prior query, leaving a callback holding a pointer into a stack frame that goes out of scope after getaddrinfo() returns. A network-delivered DNS response matched by its spoofable 16-bit transaction id, or the resolver's own delayed timeout work, then writes through that stale pointer, enabling crashes or reused-stack corruption. There is no public exploit identified at time of analysis and the issue is not in CISA KEV; exploitation is gated by a timing/race window reflected in CVSS AC:H.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Out-of-bounds write in Zephyr RTOS's Microchip SERCOM-G1 UART driver (introduced in v4.4.0) allows an adjacent attacker who can send serial data to corrupt one byte of memory immediately beyond the caller-supplied RX buffer, potentially causing a crash or denial of service. The flaw exists only when CONFIG_UART_MCHP_ASYNC is enabled (non-default on in-tree PIC32CM-JH board configs) and the consuming application calls uart_rx_enable() with a one-byte buffer - a narrow but real embedded firmware scenario. No exploit code is publicly available and this vulnerability is not listed in CISA KEV; the upstream fix has been committed but a tagged patched release version has not been independently confirmed.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

Heap buffer overflow in the libssh2 SSH client library (all versions through 1.11.1) lets a malicious or compromised SSH server corrupt memory in any connecting client on 32-bit platforms. The publickey subsystem reads an attacker-supplied 32-bit attribute count and multiplies it by the attribute structure size without bounds checking, so the allocation integer-overflows to an undersized buffer that the parsing loop then writes past. Publicly available exploit code exists; this is a CWE-190 integer overflow with no public exploit identified in CISA KEV, so it is not confirmed actively exploited.

Integer Overflow Buffer Overflow Libssh2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Out-of-bounds heap write in FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) allows attackers to corrupt memory when libavcodec decodes a crafted stream using the RASC FourCC. The decoder performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates DLTA regions in pixel rather than byte units, letting a DLTA run on a PAL8 frame write and read several bytes past the row allocation. Publicly available exploit code exists (reported by VulnCheck); no public active exploitation has been identified at time of analysis.

Memory Corruption Buffer Overflow Ffmpeg
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds heap write in the Zephyr RTOS IP socket stack (recvmsg/insert_pktinfo) lets an unprivileged local userspace thread corrupt kernel-heap memory on builds using CONFIG_USERSPACE. Affecting Zephyr v3.6.0 through v4.4.0, the flaw is triggered when an application calls recvmsg() with an undersized ancillary (msg_control) buffer on a UDP/IP socket that has IP_PKTINFO/IPV6_RECVPKTINFO (or hoplimit/timestamping) enabled and a datagram arrives. There is no public exploit identified at time of analysis and EPSS is low (0.12%), but the memory-corruption primitive gives full C/I/A impact locally.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the FreeBSD kernel's vt(4) console driver stems from an integer overflow in the CONS_HISTORY ioctl handler, where an unvalidated history-size value undersizes a heap allocation and a subsequent buffer initialization writes past its end. Any unprivileged local user with access to a vt(4) terminal device can corrupt kernel heap memory and potentially escalate to root. Exploitation is local (PR:L) with no public exploit identified at time of analysis and a low EPSS of 0.18% (8th percentile).

Integer Overflow Buffer Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).

Buffer Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the FreeBSD kernel sound subsystem lets an unprivileged user map kernel memory outside the audio buffer via an integer-overflow flaw in dsp_mmap_single(). Because /dev/dsp device nodes are world-accessible by default, any local user on a system with an audio device can read and write arbitrary kernel memory, enabling full system compromise or a kernel panic (DoS). No public exploit identified at time of analysis; EPSS is low (0.19%, 9th percentile), and FreeBSD has released errata patches.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Go golang.org/x/image/tiff decoder allows remote attackers to crash any application that parses untrusted TIFF images. A maliciously crafted image with an out-of-bounds strip offset triggers a panic in the decoder, terminating the goroutine or process (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating no observed mass exploitation, but the bug is trivially triggerable wherever the library decodes attacker-supplied images.

Buffer Overflow Golang Org X Image Tiff Memory Corruption
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Notepad++ versions prior to 8.9.6.1 can be crashed by any local process sharing the same interactive Windows session via a malformed WM_COPYDATA message. The COPYDATA_FULL_CMDLINE handler in NppBigSwitch.cpp dereferences COPYDATASTRUCT.lpData as an unbounded NUL-terminated wchar_t* without validating against the COPYDATASTRUCT.cbData length field, enabling an out-of-bounds read that results in process termination. No active exploitation has been confirmed (no CISA KEV listing, no public POC), and the fix is available in the vendor-released patch 8.9.6.1.

Microsoft Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read (CWE-125) in the Linux kernel F2FS filesystem lets a local user trigger inconsistent access to the mount extension list by racing a sysfs read against a concurrent update. The f2fs_sbi_show() handler reads extension_list, extension_count and hot_ext_count without holding sbi->sb_lock, so a simultaneous f2fs_update_extension_list() store can yield a mismatched count/array pair and drive an out-of-bounds read that leaks stale kernel data or crashes the system. No public exploit identified at time of analysis; EPSS is low (0.17%, 7th percentile) and the issue is not in CISA KEV.

Linux Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local memory corruption in the Linux kernel's NXP ENETC (enetc) network driver stems from a DMA use-after-free in the NTMP command path: when netc_xmit_ntmp_cmd() times out, the pending hardware command is not aborted yet ntmp_free_data_mem() frees the associated DMA buffer, so the device later DMA-writes its response into the freed (possibly reallocated) physical address, producing silent kernel memory corruption. Only systems running NXP ENETC networking hardware on kernels from 6.16 through the fixed stable releases are affected. There is no public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.17%, 6th percentile).

Linux Buffer Overflow Use After Free +1
NVD VulDB
Prev Page 7 of 402 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy