Skip to main content

Heap Overflow

1931 CVEs technique

Monthly

CVE-2026-2049 HIGH PATCH This Week

Arbitrary code execution in GIMP via malicious HDR (High Dynamic Range) image files allows attackers to run code in the context of the user opening the file. The flaw is a heap-based buffer overflow (CWE-122) in the HDR parser, requiring the victim to open a crafted file or visit a malicious page that delivers one. No public exploit identified at time of analysis, but the vulnerability was reported through ZDI (ZDI-CAN-28618) indicating verified researcher analysis.

RCE Heap Overflow Buffer Overflow Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-11884 MEDIUM This Month

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replication supplier to crash the server or corrupt heap memory by creating objectclass definitions with excessively long SUP (oc_superior) values. The flaw exists in schema serialization functions where the SUP field length is excluded from buffer size calculations yet still written via strcat(), producing an off-by-N heap overwrite. This is explicitly an incomplete fix variant of CVE-2025-14905, meaning organizations that patched that prior CVE may remain exposed if the SUP field code path was not remediated; no public exploit has been identified at time of analysis.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45542 HIGH This Week

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory during the SRP6a (Security Scheme 2) session-setup handshake on affected IoT devices running ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, or 6.0. The flaw stems from a type-width mismatch in handle_session_command0() that trusts the client-supplied protobuf username length, enabling denial of service and potential integrity impact on provisioning interfaces. No public exploit identified at time of analysis; patches are available in 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

Heap Overflow Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48292 HIGH This Week

Arbitrary code execution in Adobe Format Plugins 1.1.2 and earlier occurs through a heap-based buffer overflow that executes in the current user's security context when a victim opens a maliciously crafted file. The flaw was reported by Adobe PSIRT and carries a CVSS 7.8 (high) score, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, suggesting it is currently a patching priority rather than an active incident.

Heap Overflow Buffer Overflow RCE Format Plugins
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48291 HIGH This Week

Arbitrary code execution in Adobe Format Plugins versions 1.1.2 and earlier occurs via a heap-based buffer overflow triggered when a victim opens a malicious file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The flaw is addressed in Adobe Security Bulletin APSB26-65.

Heap Overflow Buffer Overflow RCE Format Plugins
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-47952 HIGH This Week

Heap-based buffer overflow in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. No public exploit has been identified at time of analysis, but the high CVSS of 7.8 reflects severe local impact, and Acrobat Reader's massive install base makes it a perennial phishing target. Exploitation requires user interaction, which moderates urgency relative to zero-click flaws but does not eliminate risk in document-heavy enterprise environments.

Heap Overflow Adobe Buffer Overflow RCE Acrobat Reader
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-11824 HIGH PATCH This Week

Heap-based buffer overflow in SQLite's FTS5 full-text search extension (versions before 3.53.2) allows attackers to crash the process or execute arbitrary code by supplying a malicious database file that triggers an integer underflow in fts5ChunkIterate() during MATCH query processing. The flaw affects any application compiled with SQLITE_ENABLE_FTS5 that opens an attacker-supplied database and runs an FTS5 query against it; no public exploit identified at time of analysis, though VulnCheck has published an advisory.

Heap Overflow Buffer Overflow RCE Sqlite Suse
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-11822 HIGH POC PATCH This Week

Memory corruption in SQLite versions before 3.53.2 enables attackers to crash processes, exhaust memory, or potentially execute arbitrary code by supplying a crafted database that triggers flaws in the FTS5 full-text search extension when a MATCH query runs. The CVSS 4.0 vector indicates local attack vector with passive user interaction required, and no public exploit identified at time of analysis. Reported by VulnCheck with patches already merged upstream.

Heap Overflow Buffer Overflow RCE Sqlite Suse
NVD VulDB GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-34707 HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Heap Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34701 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a heap-based buffer overflow triggered when a victim opens a maliciously crafted file. The flaw runs code in the security context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe has published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34698 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted document file. The flaw runs code in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34699 HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a maliciously crafted document, triggering a heap-based buffer overflow. The flaw runs code in the context of the logged-in user and was reported by Adobe; no public exploit identified at time of analysis and EPSS data is not provided.

Heap Overflow Buffer Overflow RCE Indesign Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48574 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Media is possible through a heap-based buffer overflow that triggers when a user opens or processes a crafted media file. The flaw (CWE-122) carries a CVSS 7.8 with local attack vector and user interaction required, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability within the user's security context.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-47652 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow Windows 11 23h2 Windows 11 24h2 +4
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-47635 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion condition (CWE-122 heap-based memory corruption per tags) that allows an unauthorized attacker to run arbitrary code on the host. The CVSS 8.4 vector indicates local attack vector with no privileges or user interaction required, and no public exploit is identified at time of analysis. The flaw was reported by Microsoft's MSRC and disclosed via the official update guide.

Heap Overflow Microsoft Buffer Overflow Office 2024
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-47291 CRITICAL POC PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft Windows HTTP.sys allows unauthenticated network attackers to execute arbitrary code by triggering an integer overflow that leads to heap-based memory corruption. The flaw carries a CVSS 9.8 rating reflecting network reachability, no privileges, and no user interaction, and impacts the kernel-mode HTTP listener used by IIS and any Windows service relying on the HTTP Server API. No public exploit has been identified at the time of analysis and CISA KEV does not list it, but the wormable profile of HTTP.sys flaws warrants urgent patching.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-47289 HIGH PATCH NEWS Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App Windows 10 1607 Windows 10 1809 +11
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-45657 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.

Denial Of Service Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-45653 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-45638 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45475 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. There is no public exploit identified at time of analysis and the issue is not currently listed on the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45469 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel results from an integer underflow (CWE-122 heap-based) that allows an unauthorized attacker to run arbitrary code in the context of the user opening a crafted spreadsheet. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the originating CNA, and the issue is tagged as a buffer/heap overflow class flaw.

Heap Overflow Microsoft Buffer Overflow 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45466 LOW PATCH Monitor

Heap-based buffer overflow in Microsoft Office Word exposes limited local memory contents when a user opens a specially crafted document. Affecting multiple Office product lines including Microsoft 365 Apps for Enterprise, Office LTSC 2021, LTSC 2024, and their Mac counterparts, the vulnerability carries a CVSS score of 3.3 (Low) and is constrained to confidentiality impact only, with no integrity or availability consequences. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +2
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-44824 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a user opens or previews a maliciously crafted document. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44819 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44814 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44808 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library stems from a use-after-free condition (CWE-122) that lets an authenticated low-privileged user gain elevated rights on affected Windows systems. The flaw was reported by Microsoft (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis and no CISA KEV listing. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability once the attacker has local foothold.

Denial Of Service Heap Overflow Microsoft Buffer Overflow Windows 11 26h1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44799 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client Windows App Windows 10 1607 +12
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42993 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 +5
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42992 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App Windows 10 1607 Windows 10 1809 +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42980 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-42904 CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-41108 HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-40404 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24180 HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE Information Disclosure Buffer Overflow +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-49841 CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-11792 LOW Monitor

Heap buffer overflow in Red Hat Directory Server's audit logging subsystem allows an authenticated high-privilege attacker to corrupt heap memory and tamper with audit log output. The vulnerable function create_masked_entry_string() in auditlog.c writes a fixed-length password mask into a precisely-sized heap buffer without bounds checking, overflowing when a short cleartext password is processed. Exploitation requires two non-default preconditions - audit logging must be enabled AND either CLEAR password storage must be configured or a replication peer must already be compromised - limiting real-world exposure significantly. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 +5
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-41981 MEDIUM This Month

Heap-based buffer overflow in the HarmonyOS IPC (Inter-Process Communication) module allows a local low-privileged attacker to impact confidentiality, integrity, and availability of the affected system. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) confirms exploitation requires local authenticated access with low complexity, limiting but not eliminating real-world risk on consumer and wearable Huawei devices. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Heap Overflow Buffer Overflow
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-43688 HIGH This Week

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42536 HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 allows remote unauthenticated attackers to crash the server by submitting untrusted XML content processed by the mod_xml2enc module's xml2StartParse function. The flaw is a CWE-122 heap-based buffer overflow with a CVSS 7.5 score reflecting high availability impact only, and no public exploit has been identified at time of analysis.

Heap Overflow Apache Buffer Overflow Apache Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34355 HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 stems from a heap buffer overflow in the mod_proxy_html output filter, where a malicious or compromised backend can return crafted HTML that corrupts memory in the proxying httpd worker. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network exploitation with availability-only impact, and no public exploit was identified at time of analysis.

Heap Overflow Apache Buffer Overflow Apache Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34356 HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from a heap-based buffer overflow triggered when the server processes responses from a malicious backend while ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directives are in use. Remote attackers controlling or compromising an upstream backend can crash the front-end Apache process, impacting availability of the reverse proxy without affecting confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Apache Buffer Overflow Suse Apache HTTP Server +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22164 HIGH This Week

Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or destabilize the kernel by issuing crafted GPU system calls. The flaw affects Graphics DDK 24.2 RTM, 25.1 RTM through 25.3 RTM, and 26.1 RTM, and impacts any device shipping the affected PowerVR/IMG GPU driver stack. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Heap Overflow Buffer Overflow Graphics Ddk
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-11143 MEDIUM PATCH This Month

Out-of-bounds heap read in Google Chrome's Extensions component on Linux exposes sensitive process memory to a malicious extension author. Affected versions are Chrome on Linux prior to 149.0.7827.53; Windows and macOS are not listed as affected. Exploitation requires convincing a target user to install a crafted malicious extension, limiting exposure compared to the CVSS 6.5 score implies - no public exploit identified at time of analysis, and EPSS of 0.01% (1st percentile) reflects low current exploitation probability.

Heap Overflow Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11124 HIGH PATCH This Week

Heap corruption in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the Skia graphics library that can be triggered by a crafted HTML page. Remote attackers can lure a victim to a malicious web page to potentially achieve arbitrary code execution within the renderer process. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.03% (11th percentile), though Chrome rendering bugs historically attract exploit development.

Heap Overflow Google Buffer Overflow Chrome Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10995 HIGH PATCH This Week

Heap corruption in Google Chrome's TabStrip component before 149.0.7827.53 lets a remote attacker who can lure a user into specific UI interactions on a malicious HTML page trigger memory corruption with high impact to confidentiality, integrity, and availability. The flaw carries a CVSS 8.8 due to network reachability and lack of authentication, though user interaction is required; there is no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Heap Overflow Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10993 MEDIUM PATCH This Month

Heap-based buffer overflow in the Skia graphics rendering library within Google Chrome versions prior to 149.0.7827.53 enables remote attackers to read sensitive data from renderer process memory. Exploitation requires no authentication (PR:N) but does require user interaction - a victim must visit a specially crafted HTML page - and yields high confidentiality impact (C:H) with no integrity or availability impact per the CVSS vector. No public exploit has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) indicates very low current exploitation probability; CISA KEV active exploitation status is not confirmed.

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10989 HIGH PATCH This Week

Heap corruption in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a user visits a crafted HTML page and performs specific UI interactions. The flaw is rated High severity by Chromium and CVSS 8.8, though no public exploit identified at time of analysis and EPSS scoring places near-term mass exploitation probability at 0.03%. A vendor patch is already available through the Stable Channel update.

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10949 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a heap buffer overflow in the Video component, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.3 score reflects the scope change (S:C) that occurs when sandbox boundaries are crossed, though the attack requires high complexity and user interaction.

Heap Overflow Google Buffer Overflow
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10946 HIGH PATCH This Week

Heap buffer overflow in the Media component of Google Chrome before 149.0.7827.53 enables remote attackers to achieve arbitrary code execution within the renderer sandbox after luring a user to a crafted HTML page and tricking them into performing specific UI gestures. Google rates the underlying Chromium issue as High severity, and while publicly available exploit code exists is not confirmed, vendor patches have been released through the Stable channel update. No active exploitation has been reported via CISA KEV at time of analysis.

Heap Overflow Google Buffer Overflow RCE
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10929 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. Chromium rates the severity as High, and although no public exploit is identified at time of analysis, the CVSS 8.3 score with scope change reflects the cross-boundary impact when chained with a renderer RCE. This is a classic second-stage bug used in browser exploit chains rather than a standalone one-click compromise.

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-0100 HIGH This Week

Local privilege escalation in Android (versions 14, 15, 16, and 16-qpr2) stems from a heap buffer overflow in the LoadedArsc.cpp resource table loader, allowing a low-privileged local process to write out of bounds and gain elevated execution privileges without user interaction. No public exploit identified at time of analysis, and SSVC scoring indicates exploitation has not been observed despite a 'total' technical impact rating. Patches are tracked in the June 2026 Android Security Bulletin.

Privilege Escalation Heap Overflow Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0059 HIGH This Week

Proximity-based remote code execution in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a heap buffer overflow in multiple functions of sdp_discovery.cc, the Bluetooth Service Discovery Protocol component. An adjacent attacker within Bluetooth range can trigger memory corruption without any user interaction, with no public exploit identified at time of analysis. The flaw resides in the native Bluetooth stack and could yield code execution at the privilege level of the Bluetooth process.

Heap Overflow RCE Buffer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-55664 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-10231 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10230 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10229 LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-20452 HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-10200 LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10194 MEDIUM PATCH This Month

Heap-based buffer overflow in OFFIS DCMTK 3.7.0's dcmqrscp component allows remote low-privileged attackers to trigger memory corruption via the deleteOldestImages function in the DICOM Query/Retrieve database backend. Exploitation requires authenticated network access with low complexity and results in partial confidentiality, integrity, and availability impact without crossing privilege boundaries. No public exploit identified at time of analysis; an upstream git commit patch is confirmed available, though a formally tagged release version incorporating the fix has not been independently verified.

Heap Overflow Buffer Overflow Suse
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-44420 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44421 HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9940 HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.

Google Heap Overflow Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9939 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9926 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9924 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.

Google Heap Overflow Microsoft Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9915 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.

Google Heap Overflow Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-48065 MEDIUM PATCH This Month

Heap buffer overflow in pam_usb prior to 0.9.1 allows a local attacker with high privileges to corrupt heap memory on 32-bit Linux platforms (armv7l, i686) by supplying a crafted configuration file with an excessive device count. The root cause is an unchecked integer multiplication in src/conf.c where n_devices * sizeof(t_pusb_device) wraps around size_t on 32-bit targets, causing xmalloc() to receive a drastically undersized allocation that is silently accepted, enabling out-of-bounds writes into heap memory. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, successful exploitation yields full confidentiality, integrity, and availability impact on the affected host.

Heap Overflow Buffer Overflow Pam Usb
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-70103 HIGH POC PATCH This Week

Heap buffer overflow in libjxl 0.12.0 lets remote attackers corrupt heap memory by feeding a crafted PBM/PNM image to the jxl::extras::DecodeImagePNM routine, which writes decoded rows into an output buffer without first checking that the buffer is large enough for the header-declared dimensions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes unauthenticated, low-complexity exploitation with no user interaction, and CISA's SSVC framework rates it automatable with partial technical impact. Publicly available exploit code exists, though it is not listed in CISA KEV and no public exploit has been tied to active exploitation.

Heap Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8175 CRITICAL Act Now

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Transfer Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) through a heap-based buffer overflow in the asperahttpd component. An unauthenticated network attacker can corrupt memory to crash the service (denial of service) and, in the worst case, hijack execution flow to run arbitrary code or bypass authentication. There is no public exploit identified at time of analysis and SSVC lists exploitation as none, but the CVSS 9.8 rating and 'Automatable: yes' assessment mark this as a high-priority patching target.

RCE Denial Of Service Buffer Overflow Heap Overflow Authentication Bypass +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-38427 HIGH This Week

Heap buffer overflow in Tasmota IoT firmware (through version 15.3.0.3) lets a remote attacker corrupt heap memory by manipulating the Content-Length of a JPEG stream processed by the fetch_jpg() routine in the scripter driver. Because the length is stored in a 16-bit integer, values above 65535 wrap to a small number, so the firmware allocates an undersized buffer and then reads the full, larger payload into it. Publicly available exploit code exists (a dedicated GitHub repository), CISA's SSVC framework rates exploitation as proof-of-concept and automatable, but the issue is not in CISA KEV and no public active exploitation is identified.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-9605 MEDIUM POC PATCH This Month

Heap-based buffer overflow in GNU LibreDWG through version 0.13.4.8160 lets an attacker corrupt heap memory by getting the library to parse a malicious DWG file, specifically a 2004-format file with a crafted compressed section processed via the dwgbmp thumbnail-extraction utility. The flaw stems from missing bounds validation in the decompression routine and is reachable without authentication or user privileges per its CVSS vector; impact is rated low across confidentiality, integrity, and availability (CVSS 7.3). Publicly available exploit code exists (a proof-of-concept DWG sample), but the issue is not listed in CISA KEV, and an official upstream fix has been committed.

Buffer Overflow Heap Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8834 HIGH PATCH This Week

Heap-based buffer overflow in IBM HTTP Server 8.5 and 9.0 allows an attacker already authenticated to the Administration Server to execute arbitrary code or crash the service. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis despite the high CVSS 8.0 rating. EPSS probability is negligible (0.01%) and SSVC marks exploitation as 'none,' indicating the issue is currently a patch-and-move-on item rather than an emergency.

Denial Of Service Heap Overflow IBM Buffer Overflow Http Server
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-40033 HIGH PATCH This Week

Heap buffer overflow in FreeRDP versions prior to 3.26.0 allows a malicious RDP server to write out-of-bounds heap memory on connecting clients through the gdi_CacheToSurface function, potentially leading to remote code execution or client crash. The flaw stems from inconsistent rectangle validation where coordinates are clamped to UINT16_MAX but copy operations use unclamped cache entry dimensions. Publicly available exploit code exists per SSVC, though EPSS exploitation probability remains low at 0.06%.

Heap Overflow Buffer Overflow RCE Freerdp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-48135 MEDIUM This Month

Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.

Heap Overflow Checkpoint Buffer Overflow Quantum Security Gateway
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-48131 HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Heap Overflow Buffer Overflow Quantum Security Gateway
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-9541 LOW POC Monitor

Heap-based buffer overflow in Squirrel versions 3.0 through 3.2 allows a locally authenticated low-privilege attacker to corrupt heap memory by supplying a malicious Cnut file to the ReadObject function in sqobject.cpp. The impact is limited to partial confidentiality, integrity, and availability effects with no scope change, as confirmed by the CVSS 4.0 score of 1.9. A public proof-of-concept exploit exists on GitHub, but this vulnerability has not been confirmed actively exploited by CISA KEV, and EPSS places exploitation probability at just 0.01% (2nd percentile), indicating very low real-world exploitation activity.

Heap Overflow Buffer Overflow Squirrel
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-7310 MEDIUM PATCH CISA This Month

Heap-based buffer overflow in Hitachi Energy MACH HiDraw's XML parser allows a low-privileged, locally authenticated attacker to corrupt heap memory by inducing a victim to open a specially crafted XML file, with a primary impact of high availability loss (application crash) and limited confidentiality and integrity compromise. Affected versions span MACH HiDraw 9.0 through versions prior to 9.22 per EUVD-2026-31812. No public exploit identified at time of analysis, and an EPSS score of 0.01% (3rd percentile) combined with an SSVC exploitation status of 'none' confirm minimal current real-world exploitation activity.

Denial Of Service Heap Overflow Buffer Overflow RCE Mach Hidraw
NVD
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-25713 HIGH This Week

Heap buffer overflow in MediaArea MediaInfoLib's ID3v2 metadata parser allows local attackers to achieve arbitrary code execution when a victim opens a crafted media file. The flaw affects MediaInfoLib 26.01 and requires user interaction to trigger, with no public exploit identified at time of analysis. While CVSS rates it 7.8 (High), the very low EPSS score (0.01%) and SSVC 'Exploitation: none' signal suggest no widespread targeting is occurring.

Heap Overflow Buffer Overflow Mediainfolib
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-48690 HIGH This Week

Heap corruption in FastNetMon Community Edition through 1.2.9 allows authenticated local users to trigger an integer overflow in the packet capture buffer allocation routine, resulting in undersized allocations followed by out-of-bounds heap writes during packet storage. The flaw stems from 32-bit unsigned arithmetic in allocate_buffer() in src/packet_storage.hpp, where a sufficiently large ban_details_records_count configuration value causes the memory size calculation to wrap. No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Heap Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-9502 LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG's dwgread utility (versions 0.1 through 0.14) allows a local attacker with low privileges to corrupt heap memory by supplying a specially crafted R2004-format DWG file. The vulnerable function decompress_R2004_section in src/decode.c fails to validate decompression offset and size parameters before writing, enabling out-of-bounds heap writes with partial confidentiality, integrity, and availability impact. Publicly available exploit code exists as a crafted DWG file; however, no active exploitation is confirmed (not in CISA KEV), EPSS is 0.01% (2nd percentile), and the local-only attack vector sharply constrains real-world risk.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9500 LOW POC Monitor

Heap-based buffer overflow in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) exposes users of the dwgread utility to partial confidentiality, integrity, and availability compromise when processing a maliciously crafted DWG file. All released versions from 0.1 through 0.14 are affected, and a publicly available proof-of-concept exploit file exists on GitHub. No vendor patch has been issued; the project has not responded to the responsible disclosure despite early notification via issue report.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9365 LOW POC PATCH Monitor

Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potentially achieve limited confidentiality, integrity, and availability compromise through crafted network traffic. The vulnerability exists in the ec_gg.c dissector when processing Gadu-Gadu instant messaging protocol packets. Publicly available exploit code exists (GitHub issue #1306), and vendor has released patch version 0.8.4 (commit feeae6fa). Despite network attack vector, exploitation difficulty is high (AC:H) with low EPSS risk, suggesting specialized targeting rather than mass exploitation.

Buffer Overflow Heap Overflow Ettercap
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.1%
CVE-2026-9256 CRITICAL POC PATCH Act Now

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module can be triggered by unauthenticated remote attackers sending crafted HTTP requests that target rewrite directives using overlapping PCRE captures (e.g., $1$2 referencing ^/((.*))$) in redirect or arguments contexts. Impact ranges from worker process crash/restart to arbitrary code execution where ASLR is disabled or bypassed; publicly available exploit code exists, though EPSS exploitation probability is low (0.15%, 35th percentile) and the issue is not in CISA KEV.

Buffer Overflow Nginx Heap Overflow Nginx Plus Nginx Open Source
NVD VulDB GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-8997 MEDIUM PATCH This Week

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the history to cause memory corruption or application crashes. Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7

Buffer Overflow Heap Overflow Vifm Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-46692 NuGet MEDIUM PATCH GHSA This Month

Heap buffer over-write in ImageMagick's distributed pixel cache server (`magick -distribute-cache`) allows an attacker who can connect to the service to corrupt the server process's heap memory, resulting in a high-severity denial-of-service condition. All Magick.NET NuGet package variants (Q16, HDRI, OpenMP, across arm64/x64/x86/AnyCPU architectures) prior to version 14.12.0 are confirmed affected. No public exploit has been identified at time of analysis and the vulnerability does not appear in CISA KEV; however, a notable discrepancy exists between the CVSS attack vector (AV:L, local) and the description's implication of service-level connectivity, which warrants independent verification before fully trusting the low CVSS score.

Buffer Overflow Heap Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-45252 MEDIUM This Month

FreeBSD's fusefs kernel module mishandles extended attribute list responses from FUSE userspace daemons by calling strlen() on daemon-supplied buffers without first verifying NUL-termination, enabling a malicious daemon operator to read up to 253 bytes of kernel heap memory or inject up to 250 attacker-controlled bytes into unallocated kernel heap space. Affected releases are FreeBSD 14.3-RELEASE prior to p14, 14.4-RELEASE prior to p5, and 15.0-RELEASE prior to p9 per FreeBSD-SA-26:20.fusefs and EUVD-2026-31254. No public exploit code exists and EPSS sits at 0.02% (5th percentile), though the heap write primitive carries local privilege escalation potential beyond what the CVSS integrity score reflects.

Buffer Overflow Heap Overflow Freebsd
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-44050 CRITICAL PATCH Act Now

Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level privileges to corrupt memory across versions 2.0.0 through 4.4.2. Given the CVSS 9.9 score with scope change and high impact across confidentiality, integrity, and availability, successful exploitation likely leads to code execution in the daemon's context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Heap Overflow Suse
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-9149 MEDIUM PATCH This Month

Heap-based buffer overflow in libsolv's repo_add_solv() function enables a remote unauthenticated attacker to crash the parsing process by delivering a specially crafted .solv repository metadata file containing negative values in the maxsize or allsize header fields. The malformed values bypass allocation sizing logic, producing an undersized heap buffer that is subsequently written past its bounds, yielding a denial of service. No public exploit identified at time of analysis; however, an upstream fix has been submitted via openSUSE/libsolv GitHub PR #617, and Red Hat has acknowledged the issue via a dedicated security advisory.

Denial Of Service Buffer Overflow Heap Overflow Libsolv Hardened Images +4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8631 CRITICAL PATCH Act Now

Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV.

HP Buffer Overflow RCE Heap Overflow Linux Imaging And Printing
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in GIMP via malicious HDR (High Dynamic Range) image files allows attackers to run code in the context of the user opening the file. The flaw is a heap-based buffer overflow (CWE-122) in the HDR parser, requiring the victim to open a crafted file or visit a malicious page that delivers one. No public exploit identified at time of analysis, but the vulnerability was reported through ZDI (ZDI-CAN-28618) indicating verified researcher analysis.

RCE Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replication supplier to crash the server or corrupt heap memory by creating objectclass definitions with excessively long SUP (oc_superior) values. The flaw exists in schema serialization functions where the SUP field length is excluded from buffer size calculations yet still written via strcat(), producing an off-by-N heap overwrite. This is explicitly an incomplete fix variant of CVE-2025-14905, meaning organizations that patched that prior CVE may remain exposed if the SUP field code path was not remediated; no public exploit has been identified at time of analysis.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 +7
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory during the SRP6a (Security Scheme 2) session-setup handshake on affected IoT devices running ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, or 6.0. The flaw stems from a type-width mismatch in handle_session_command0() that trusts the client-supplied protobuf username length, enabling denial of service and potential integrity impact on provisioning interfaces. No public exploit identified at time of analysis; patches are available in 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

Heap Overflow Buffer Overflow Esp Idf
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Format Plugins 1.1.2 and earlier occurs through a heap-based buffer overflow that executes in the current user's security context when a victim opens a maliciously crafted file. The flaw was reported by Adobe PSIRT and carries a CVSS 7.8 (high) score, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, suggesting it is currently a patching priority rather than an active incident.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Format Plugins versions 1.1.2 and earlier occurs via a heap-based buffer overflow triggered when a victim opens a malicious file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The flaw is addressed in Adobe Security Bulletin APSB26-65.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. No public exploit has been identified at time of analysis, but the high CVSS of 7.8 reflects severe local impact, and Acrobat Reader's massive install base makes it a perennial phishing target. Exploitation requires user interaction, which moderates urgency relative to zero-click flaws but does not eliminate risk in document-heavy enterprise environments.

Heap Overflow Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Heap-based buffer overflow in SQLite's FTS5 full-text search extension (versions before 3.53.2) allows attackers to crash the process or execute arbitrary code by supplying a malicious database file that triggers an integer underflow in fts5ChunkIterate() during MATCH query processing. The flaw affects any application compiled with SQLITE_ENABLE_FTS5 that opens an attacker-supplied database and runs an FTS5 query against it; no public exploit identified at time of analysis, though VulnCheck has published an advisory.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Memory corruption in SQLite versions before 3.53.2 enables attackers to crash processes, exhaust memory, or potentially execute arbitrary code by supplying a crafted database that triggers flaws in the FTS5 full-text search extension when a MATCH query runs. The CVSS 4.0 vector indicates local attack vector with passive user interaction required, and no public exploit identified at time of analysis. Reported by VulnCheck with patches already merged upstream.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a heap-based buffer overflow triggered when a victim opens a maliciously crafted file. The flaw runs code in the security context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe has published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted document file. The flaw runs code in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a maliciously crafted document, triggering a heap-based buffer overflow. The flaw runs code in the context of the logged-in user and was reported by Adobe; no public exploit identified at time of analysis and EPSS data is not provided.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media is possible through a heap-based buffer overflow that triggers when a user opens or processes a crafted media file. The flaw (CWE-122) carries a CVSS 7.8 with local attack vector and user interaction required, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability within the user's security context.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion condition (CWE-122 heap-based memory corruption per tags) that allows an unauthorized attacker to run arbitrary code on the host. The CVSS 8.4 vector indicates local attack vector with no privileges or user interaction required, and no public exploit is identified at time of analysis. The flaw was reported by Microsoft's MSRC and disclosed via the official update guide.

Heap Overflow Microsoft Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Exploit Likely Act Now

Remote code execution in Microsoft Windows HTTP.sys allows unauthenticated network attackers to execute arbitrary code by triggering an integer overflow that leads to heap-based memory corruption. The flaw carries a CVSS 9.8 rating reflecting network reachability, no privileges, and no user interaction, and impacts the kernel-mode HTTP listener used by IIS and any Windows service relying on the HTTP Server API. No public exploit has been identified at the time of analysis and CISA KEV does not list it, but the wormable profile of HTTP.sys flaws warrants urgent patching.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App +13
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.

Denial Of Service Heap Overflow Microsoft +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. There is no public exploit identified at time of analysis and the issue is not currently listed on the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel results from an integer underflow (CWE-122 heap-based) that allows an unauthorized attacker to run arbitrary code in the context of the user opening a crafted spreadsheet. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the originating CNA, and the issue is tagged as a buffer/heap overflow class flaw.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Heap-based buffer overflow in Microsoft Office Word exposes limited local memory contents when a user opens a specially crafted document. Affecting multiple Office product lines including Microsoft 365 Apps for Enterprise, Office LTSC 2021, LTSC 2024, and their Mac counterparts, the vulnerability carries a CVSS score of 3.3 (Low) and is constrained to confidentiality impact only, with no integrity or availability consequences. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Heap Overflow Microsoft Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a user opens or previews a maliciously crafted document. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds heap read in the Windows Desktop Window Manager (DWM) Core Library on Windows 11 26H1 enables authenticated local attackers to disclose high-confidence confidentiality data without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms low-complexity local exploitation limited to a single authenticated session, with no integrity or availability impact. No public exploit code has been identified at time of analysis, and the vulnerability does not appear in the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library stems from a use-after-free condition (CWE-122) that lets an authenticated low-privileged user gain elevated rights on affected Windows systems. The flaw was reported by Microsoft (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis and no CISA KEV listing. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability once the attacker has local foothold.

Denial Of Service Heap Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client arises from a heap-based buffer overflow (CWE-122) that an unauthenticated network attacker can trigger when a victim connects to or interacts with a malicious server. Microsoft (secure@microsoft.com) is the originating reporter and has published an advisory in the MSRC update guide, with no public exploit identified at time of analysis. The CVSS 7.5 (High) rating reflects high attack complexity and required user interaction, but successful exploitation yields full confidentiality, integrity, and availability impact on the client host.

Heap Overflow Buffer Overflow Remote Desktop Client +14
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is lured into connecting to an attacker-controlled RDP server, where a heap-based buffer overflow (CWE-122) can be triggered to run arbitrary code on the client machine. The flaw was reported by Microsoft (secure@microsoft.com) and carries a CVSS 3.1 score of 7.5, reflecting high attack complexity and the requirement for user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 21h2 +7
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a user is enticed to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow (CWE-122). The flaw scores CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and, while no public exploit is identified at time of analysis, the network-reachable nature and full CIA impact make it a meaningful client-side risk for users connecting to untrusted endpoints.

Buffer Overflow Heap Overflow Windows App +12
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows NT OS Kernel allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering an integer underflow condition. With a CVSS of 7.8 and no public exploit identified at time of analysis, this issue is primarily a post-compromise escalation vector commonly chained after initial access via phishing or commodity malware. Microsoft has released a patch through MSRC, and given Windows kernel EoP bugs are frequently weaponized by ransomware and APT actors historically, prompt patching is warranted despite the absence of confirmed in-the-wild exploitation.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Act Now

Local privilege escalation in Microsoft Windows DNS allows an authenticated low-privileged user to gain elevated privileges via a heap-based buffer overflow (CWE-122). The CVSS 7.0 score reflects high attack complexity and local-only access, and no public exploit is identified at time of analysis. The flaw was reported privately by Microsoft (MSRC) and is tracked under MSRC advisory CVE-2026-41108.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Universal Disk Format File System (UDFS) driver allows an authenticated low-privileged user to gain SYSTEM-level code execution by triggering a heap-based buffer overflow (CWE-122). The flaw affects Windows endpoints where the UDFS kernel driver parses attacker-controlled UDF-formatted media (typically optical discs or mounted disc images). No public exploit identified at time of analysis and the issue is not currently listed on CISA KEV.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE +3
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

Heap buffer overflow in Red Hat Directory Server's audit logging subsystem allows an authenticated high-privilege attacker to corrupt heap memory and tamper with audit log output. The vulnerable function create_masked_entry_string() in auditlog.c writes a fixed-length password mask into a precisely-sized heap buffer without bounds checking, overflowing when a short cleartext password is processed. Exploitation requires two non-default preconditions - audit logging must be enabled AND either CLEAR password storage must be configured or a replication peer must already be compromised - limiting real-world exposure significantly. No public exploit identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 +7
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-based buffer overflow in the HarmonyOS IPC (Inter-Process Communication) module allows a local low-privileged attacker to impact confidentiality, integrity, and availability of the affected system. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) confirms exploitation requires local authenticated access with low complexity, limiting but not eliminating real-world risk on consumer and wearable Huawei devices. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 allows remote unauthenticated attackers to crash the server by submitting untrusted XML content processed by the mod_xml2enc module's xml2StartParse function. The flaw is a CWE-122 heap-based buffer overflow with a CVSS 7.5 score reflecting high availability impact only, and no public exploit has been identified at time of analysis.

Heap Overflow Apache Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache HTTP Server 2.4.0 through 2.4.67 stems from a heap buffer overflow in the mod_proxy_html output filter, where a malicious or compromised backend can return crafted HTML that corrupts memory in the proxying httpd worker. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network exploitation with availability-only impact, and no public exploit was identified at time of analysis.

Heap Overflow Apache Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from a heap-based buffer overflow triggered when the server processes responses from a malicious backend while ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directives are in use. Remote attackers controlling or compromising an upstream backend can crash the front-end Apache process, impacting availability of the reverse proxy without affecting confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Apache Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or destabilize the kernel by issuing crafted GPU system calls. The flaw affects Graphics DDK 24.2 RTM, 25.1 RTM through 25.3 RTM, and 26.1 RTM, and impacts any device shipping the affected PowerVR/IMG GPU driver stack. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Heap Overflow Buffer Overflow Graphics Ddk
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds heap read in Google Chrome's Extensions component on Linux exposes sensitive process memory to a malicious extension author. Affected versions are Chrome on Linux prior to 149.0.7827.53; Windows and macOS are not listed as affected. Exploitation requires convincing a target user to install a crafted malicious extension, limiting exposure compared to the CVSS 6.5 score implies - no public exploit identified at time of analysis, and EPSS of 0.01% (1st percentile) reflects low current exploitation probability.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the Skia graphics library that can be triggered by a crafted HTML page. Remote attackers can lure a victim to a malicious web page to potentially achieve arbitrary code execution within the renderer process. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.03% (11th percentile), though Chrome rendering bugs historically attract exploit development.

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's TabStrip component before 149.0.7827.53 lets a remote attacker who can lure a user into specific UI interactions on a malicious HTML page trigger memory corruption with high impact to confidentiality, integrity, and availability. The flaw carries a CVSS 8.8 due to network reachability and lack of authentication, though user interaction is required; there is no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in the Skia graphics rendering library within Google Chrome versions prior to 149.0.7827.53 enables remote attackers to read sensitive data from renderer process memory. Exploitation requires no authentication (PR:N) but does require user interaction - a victim must visit a specially crafted HTML page - and yields high confidentiality impact (C:H) with no integrity or availability impact per the CVSS vector. No public exploit has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) indicates very low current exploitation probability; CISA KEV active exploitation status is not confirmed.

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a user visits a crafted HTML page and performs specific UI interactions. The flaw is rated High severity by Chromium and CVSS 8.8, though no public exploit identified at time of analysis and EPSS scoring places near-term mass exploitation probability at 0.03%. A vendor patch is already available through the Stable Channel update.

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a heap buffer overflow in the Video component, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.3 score reflects the scope change (S:C) that occurs when sandbox boundaries are crossed, though the attack requires high complexity and user interaction.

Heap Overflow Google Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in the Media component of Google Chrome before 149.0.7827.53 enables remote attackers to achieve arbitrary code execution within the renderer sandbox after luring a user to a crafted HTML page and tricking them into performing specific UI gestures. Google rates the underlying Chromium issue as High severity, and while publicly available exploit code exists is not confirmed, vendor patches have been released through the Stable channel update. No active exploitation has been reported via CISA KEV at time of analysis.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. Chromium rates the severity as High, and although no public exploit is identified at time of analysis, the CVSS 8.3 score with scope change reflects the cross-boundary impact when chained with a renderer RCE. This is a classic second-stage bug used in browser exploit chains rather than a standalone one-click compromise.

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Android (versions 14, 15, 16, and 16-qpr2) stems from a heap buffer overflow in the LoadedArsc.cpp resource table loader, allowing a low-privileged local process to write out of bounds and gain elevated execution privileges without user interaction. No public exploit identified at time of analysis, and SSVC scoring indicates exploitation has not been observed despite a 'total' technical impact rating. Patches are tracked in the June 2026 Android Security Bulletin.

Privilege Escalation Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Proximity-based remote code execution in Google Android (versions 14, 15, 16, and 16-qpr2) is possible via a heap buffer overflow in multiple functions of sdp_discovery.cc, the Bluetooth Service Discovery Protocol component. An adjacent attacker within Bluetooth range can trigger memory corruption without any user interaction, with no public exploit identified at time of analysis. The flaw resides in the native Bluetooth stack and could yield code execution at the privilege level of the Bluetooth process.

Heap Overflow RCE Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader allows a local authenticated attacker to corrupt memory via a crafted MDL file, potentially achieving limited confidentiality, integrity, and availability impact. Affected versions span all releases up to and including 6.0.4 of the open-source asset import library. No public exploit identified at time of analysis as active exploitation, but a proof-of-concept has been publicly released, and the CVSS temporal vector confirms exploit code existence (E:P).

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (versions up to 6.0.4) allows a locally authenticated attacker with low privileges to corrupt heap memory via a crafted MDL animation file, producing low-severity but confirmed confidentiality, integrity, and availability impact. The vulnerability resides in the read_animations function of HL1MDLLoader.cpp and is reproducible with publicly available exploit code (POC). This is not confirmed in CISA KEV, and the Assimp project has tagged the report as a bug rather than a security defect, which may slow patch prioritization.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's Half-Life 1 MDL Loader (HL1MDLLoader::read_meshes, versions through 6.0.4) allows local attackers with low privileges to trigger memory corruption when a crafted MDL file is processed, yielding partial confidentiality, integrity, and availability impact on the host process. A publicly available proof-of-concept exploit (poc.zip) has been disclosed, raising the urgency for affected deployments that ingest untrusted HL1 model files. No actively exploited status from CISA KEV has been confirmed; the Assimp project has tagged the report as a bug rather than a formal security advisory, and no patched release version has been identified at time of analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user execution to corrupt memory and achieve remote code execution without user interaction. The flaw affects multiple MediaTek Wi-Fi chipsets commonly embedded in routers and access points (MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993, MT6890). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Assimp's glTF 4x4 Matrix Parser (versions up to 6.0.4) can be triggered by a local, low-privileged attacker supplying crafted input to the `glTFCommon::CopyValue` function in `glTFCommon.h`, resulting in partial confidentiality, integrity, and availability impact. A public proof-of-concept exploit archive has been published on GitHub, confirmed by the CVSS temporal modifier E:P (proof-of-concept). No active exploitation has been confirmed (not in CISA KEV), and the CVSS remediation level RL:X indicates no official patch has been defined as of this analysis.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in OFFIS DCMTK 3.7.0's dcmqrscp component allows remote low-privileged attackers to trigger memory corruption via the deleteOldestImages function in the DICOM Query/Retrieve database backend. Exploitation requires authenticated network access with low complexity and results in partial confidentiality, integrity, and availability impact without crossing privilege boundaries. No public exploit identified at time of analysis; an upstream git commit patch is confirmed available, though a formally tagged release version incorporating the fix has not been independently verified.

Heap Overflow Buffer Overflow Suse
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP's server-side clipboard (cliprdr) channel allows a malicious RDP client to crash server processes and potentially achieve remote code execution against FreeRDP versions prior to 3.26.0. The flaw is triggered by a malformed CB_CLIP_CAPS PDU with an undersized capabilitySetLength field, corrupting heap memory after authentication. No public exploit identified at time of analysis, but the CVSS 8.8 rating and heap corruption nature make this a high-priority patch for any RDP server deployment using FreeRDP.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow write in FreeRDP client versions prior to 3.26.0 allows a malicious RDP server to corrupt client memory and potentially achieve code execution when the victim connects with RDPGFX enabled. The flaw resides in gdi_CacheToSurface, where validation uses a clamped destination rectangle while the actual copy uses unclamped cacheEntry width/height values, enabling a large out-of-bounds heap write. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow RCE Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows remote attackers to potentially achieve code execution within the renderer process when a victim visits a crafted HTML page. Google rated the issue High severity and has shipped a stable-channel fix; no public exploit identified at time of analysis and EPSS is currently 0.03% (10th percentile), indicating low observed exploitation interest despite the strong technical impact.

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 lets a remote attacker who has already compromised the renderer process break out of the Chrome sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. The flaw carries CVSS 8.3 (High) and is rated Chromium-severity High, but EPSS is only 0.03% and there is no public exploit identified at time of analysis. Patched in the Stable channel update announced by Google on the Chrome Releases blog.

Google Heap Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium with CVSS 8.3 (scope-changed) and CWE-122 heap buffer overflow; no public exploit identified at time of analysis and EPSS is very low (0.03%), but the vulnerability is in the second-stage chain typically combined with a renderer RCE.

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Heap buffer overflow in pam_usb prior to 0.9.1 allows a local attacker with high privileges to corrupt heap memory on 32-bit Linux platforms (armv7l, i686) by supplying a crafted configuration file with an excessive device count. The root cause is an unchecked integer multiplication in src/conf.c where n_devices * sizeof(t_pusb_device) wraps around size_t on 32-bit targets, causing xmalloc() to receive a drastically undersized allocation that is silently accepted, enabling out-of-bounds writes into heap memory. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, successful exploitation yields full confidentiality, integrity, and availability impact on the affected host.

Heap Overflow Buffer Overflow Pam Usb
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Heap buffer overflow in libjxl 0.12.0 lets remote attackers corrupt heap memory by feeding a crafted PBM/PNM image to the jxl::extras::DecodeImagePNM routine, which writes decoded rows into an output buffer without first checking that the buffer is large enough for the header-declared dimensions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes unauthenticated, low-complexity exploitation with no user interaction, and CISA's SSVC framework rates it automatable with partial technical impact. Publicly available exploit code exists, though it is not listed in CISA KEV and no public exploit has been tied to active exploitation.

Heap Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Transfer Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) through a heap-based buffer overflow in the asperahttpd component. An unauthenticated network attacker can corrupt memory to crash the service (denial of service) and, in the worst case, hijack execution flow to run arbitrary code or bypass authentication. There is no public exploit identified at time of analysis and SSVC lists exploitation as none, but the CVSS 9.8 rating and 'Automatable: yes' assessment mark this as a high-priority patching target.

RCE Denial Of Service Buffer Overflow +3
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap buffer overflow in Tasmota IoT firmware (through version 15.3.0.3) lets a remote attacker corrupt heap memory by manipulating the Content-Length of a JPEG stream processed by the fetch_jpg() routine in the scripter driver. Because the length is stored in a 16-bit integer, values above 65535 wrap to a small number, so the firmware allocates an undersized buffer and then reads the full, larger payload into it. Publicly available exploit code exists (a dedicated GitHub repository), CISA's SSVC framework rates exploitation as proof-of-concept and automatable, but the issue is not in CISA KEV and no public active exploitation is identified.

Heap Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Heap-based buffer overflow in GNU LibreDWG through version 0.13.4.8160 lets an attacker corrupt heap memory by getting the library to parse a malicious DWG file, specifically a 2004-format file with a crafted compressed section processed via the dwgbmp thumbnail-extraction utility. The flaw stems from missing bounds validation in the decompression routine and is reachable without authentication or user privileges per its CVSS vector; impact is rated low across confidentiality, integrity, and availability (CVSS 7.3). Publicly available exploit code exists (a proof-of-concept DWG sample), but the issue is not listed in CISA KEV, and an official upstream fix has been committed.

Buffer Overflow Heap Overflow Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Heap-based buffer overflow in IBM HTTP Server 8.5 and 9.0 allows an attacker already authenticated to the Administration Server to execute arbitrary code or crash the service. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis despite the high CVSS 8.0 rating. EPSS probability is negligible (0.01%) and SSVC marks exploitation as 'none,' indicating the issue is currently a patch-and-move-on item rather than an emergency.

Denial Of Service Heap Overflow IBM +2
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap buffer overflow in FreeRDP versions prior to 3.26.0 allows a malicious RDP server to write out-of-bounds heap memory on connecting clients through the gdi_CacheToSurface function, potentially leading to remote code execution or client crash. The flaw stems from inconsistent rectangle validation where coordinates are clamped to UINT16_MAX but copy operations use unclamped cache entry dimensions. Publicly available exploit code exists per SSVC, though EPSS exploitation probability remains low at 0.06%.

Heap Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.

Heap Overflow Checkpoint Buffer Overflow +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Squirrel versions 3.0 through 3.2 allows a locally authenticated low-privilege attacker to corrupt heap memory by supplying a malicious Cnut file to the ReadObject function in sqobject.cpp. The impact is limited to partial confidentiality, integrity, and availability effects with no scope change, as confirmed by the CVSS 4.0 score of 1.9. A public proof-of-concept exploit exists on GitHub, but this vulnerability has not been confirmed actively exploited by CISA KEV, and EPSS places exploitation probability at just 0.01% (2nd percentile), indicating very low real-world exploitation activity.

Heap Overflow Buffer Overflow Squirrel
NVD VulDB GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Heap-based buffer overflow in Hitachi Energy MACH HiDraw's XML parser allows a low-privileged, locally authenticated attacker to corrupt heap memory by inducing a victim to open a specially crafted XML file, with a primary impact of high availability loss (application crash) and limited confidentiality and integrity compromise. Affected versions span MACH HiDraw 9.0 through versions prior to 9.22 per EUVD-2026-31812. No public exploit identified at time of analysis, and an EPSS score of 0.01% (3rd percentile) combined with an SSVC exploitation status of 'none' confirm minimal current real-world exploitation activity.

Denial Of Service Heap Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap buffer overflow in MediaArea MediaInfoLib's ID3v2 metadata parser allows local attackers to achieve arbitrary code execution when a victim opens a crafted media file. The flaw affects MediaInfoLib 26.01 and requires user interaction to trigger, with no public exploit identified at time of analysis. While CVSS rates it 7.8 (High), the very low EPSS score (0.01%) and SSVC 'Exploitation: none' signal suggest no widespread targeting is occurring.

Heap Overflow Buffer Overflow Mediainfolib
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Heap corruption in FastNetMon Community Edition through 1.2.9 allows authenticated local users to trigger an integer overflow in the packet capture buffer allocation routine, resulting in undersized allocations followed by out-of-bounds heap writes during packet storage. The flaw stems from 32-bit unsigned arithmetic in allocate_buffer() in src/packet_storage.hpp, where a sufficiently large ban_details_records_count configuration value causes the memory size calculation to wrap. No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Heap Overflow Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG's dwgread utility (versions 0.1 through 0.14) allows a local attacker with low privileges to corrupt heap memory by supplying a specially crafted R2004-format DWG file. The vulnerable function decompress_R2004_section in src/decode.c fails to validate decompression offset and size parameters before writing, enabling out-of-bounds heap writes with partial confidentiality, integrity, and availability impact. Publicly available exploit code exists as a crafted DWG file; however, no active exploitation is confirmed (not in CISA KEV), EPSS is 0.01% (2nd percentile), and the local-only attack vector sharply constrains real-world risk.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) exposes users of the dwgread utility to partial confidentiality, integrity, and availability compromise when processing a maliciously crafted DWG file. All released versions from 0.1 through 0.14 are affected, and a publicly available proof-of-concept exploit file exists on GitHub. No vendor patch has been issued; the project has not responded to the responsible disclosure despite early notification via issue report.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Heap-based buffer overflow in Ettercap's GG protocol dissector (versions up to 0.8.3) allows remote attackers to potentially achieve limited confidentiality, integrity, and availability compromise through crafted network traffic. The vulnerability exists in the ec_gg.c dissector when processing Gadu-Gadu instant messaging protocol packets. Publicly available exploit code exists (GitHub issue #1306), and vendor has released patch version 0.8.4 (commit feeae6fa). Despite network attack vector, exploitation difficulty is high (AC:H) with low EPSS risk, suggesting specialized targeting rather than mass exploitation.

Buffer Overflow Heap Overflow Ettercap
NVD VulDB GitHub
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module can be triggered by unauthenticated remote attackers sending crafted HTTP requests that target rewrite directives using overlapping PCRE captures (e.g., $1$2 referencing ^/((.*))$) in redirect or arguments contexts. Impact ranges from worker process crash/restart to arbitrary code execution where ASLR is disabled or bypassed; publicly available exploit code exists, though EPSS exploitation probability is low (0.15%, 35th percentile) and the issue is not in CISA KEV.

Buffer Overflow Nginx Heap Overflow +2
NVD VulDB GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Week

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the history to cause memory corruption or application crashes. Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7

Buffer Overflow Heap Overflow Vifm +1
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Heap buffer over-write in ImageMagick's distributed pixel cache server (`magick -distribute-cache`) allows an attacker who can connect to the service to corrupt the server process's heap memory, resulting in a high-severity denial-of-service condition. All Magick.NET NuGet package variants (Q16, HDRI, OpenMP, across arm64/x64/x86/AnyCPU architectures) prior to version 14.12.0 are confirmed affected. No public exploit has been identified at time of analysis and the vulnerability does not appear in CISA KEV; however, a notable discrepancy exists between the CVSS attack vector (AV:L, local) and the description's implication of service-level connectivity, which warrants independent verification before fully trusting the low CVSS score.

Buffer Overflow Heap Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

FreeBSD's fusefs kernel module mishandles extended attribute list responses from FUSE userspace daemons by calling strlen() on daemon-supplied buffers without first verifying NUL-termination, enabling a malicious daemon operator to read up to 253 bytes of kernel heap memory or inject up to 250 attacker-controlled bytes into unallocated kernel heap space. Affected releases are FreeBSD 14.3-RELEASE prior to p14, 14.4-RELEASE prior to p5, and 15.0-RELEASE prior to p9 per FreeBSD-SA-26:20.fusefs and EUVD-2026-31254. No public exploit code exists and EPSS sits at 0.02% (5th percentile), though the heap write primitive carries local privilege escalation potential beyond what the CVSS integrity score reflects.

Buffer Overflow Heap Overflow Freebsd
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level privileges to corrupt memory across versions 2.0.0 through 4.4.2. Given the CVSS 9.9 score with scope change and high impact across confidentiality, integrity, and availability, successful exploitation likely leads to code execution in the daemon's context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Heap Overflow Suse
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in libsolv's repo_add_solv() function enables a remote unauthenticated attacker to crash the parsing process by delivering a specially crafted .solv repository metadata file containing negative values in the maxsize or allsize header fields. The malformed values bypass allocation sizing logic, producing an undersized heap buffer that is subsequently written past its bounds, yielding a denial of service. No public exploit identified at time of analysis; however, an upstream fix has been submitted via openSUSE/libsolv GitHub PR #617, and Red Hat has acknowledged the issue via a dedicated security advisory.

Denial Of Service Buffer Overflow Heap Overflow +6
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV.

HP Buffer Overflow RCE +2
NVD VulDB
Prev Page 3 of 22 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy