Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2026-23319 HIGH PATCH This Week

A use-after-free (UAF) vulnerability exists in the Linux kernel's BPF subsystem within the bpf_trampoline_link_cgroup_shim function, where a race condition allows a process to reference memory after it has been freed. An attacker with CAP_BPF or CAP_PERFMON capabilities can trigger this vulnerability to cause a kernel crash (denial of service). A proof-of-concept has been demonstrated by the reporter, showing the bug can be reliably reproduced; the vulnerability is not listed on the CISA KEV catalog but affects all Linux kernel versions until patched.

Linux Use After Free Denial Of Service Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23306 HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's pm8001 SCSI driver where the pm8001_queue_command() function incorrectly returns -ENODEV after already freeing a SAS task, causing the upper-layer libsas driver to attempt a second free operation. This affects all Linux kernel versions with the vulnerable pm8001 driver code, and while not remotely exploitable by default, it can lead to kernel memory corruption and denial of service on systems using PM8001-compatible SCSI controllers. No CVSS score, EPSS data, or active KEV status is currently available, but multiple stable kernel patches have been released across multiple branches.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23281 HIGH PATCH This Week

Use-after-free in the Linux kernel's libertas wireless driver (lbs_free_adapter()) allows local privileged users to corrupt memory when a timer callback races with adapter teardown. The flaw stems from using non-synchronous timer_delete() instead of timer_delete_sync() on command_timer and tx_lockup_timer, leaving callbacks free to dereference freed driver_lock, cur_cmd, and dev fields. EPSS is very low (0.02%, 7th percentile) and there is no public exploit identified at time of analysis, but the bug has existed since the driver's introduction and on stable trees through 6.18.x.

Linux Use After Free Memory Corruption Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28825 HIGH PATCH This Week

Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.

Apple Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20687 HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Apple Use After Free Memory Corruption Denial Of Service macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-20664 MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Apple Memory Corruption Buffer Overflow Ios And Ipados Visionos
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28835 MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 or earlier, Sonoma 14.8.4 or earlier, and Tahoe 26.3 or earlier contain a use-after-free vulnerability in SMB share handling that could allow an attacker to crash the operating system by mounting a specially crafted network share. The vulnerability requires user interaction to mount the malicious share and results in denial of service rather than code execution or data compromise. No patch is currently available for this vulnerability.

Apple Use After Free Memory Corruption Information Disclosure macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28822 MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Apple Memory Corruption Information Disclosure macOS iOS
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28879 MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Apple Use After Free Denial Of Service Memory Corruption macOS +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20637 MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Apple Use After Free Denial Of Service Memory Corruption macOS +1
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-20698 HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Apple Memory Corruption Buffer Overflow macOS iOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33215 MEDIUM This Month

NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.

Denial Of Service Nvidia Memory Corruption
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-4725 CRITICAL PATCH Act Now

Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw.

Information Disclosure Memory Corruption Mozilla Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-4711 CRITICAL PATCH Act Now

A use-after-free vulnerability in Firefox's Cocoa widget component allows remote code execution without user interaction or special privileges, affecting Firefox versions below 149 and ESR below 140.9. An attacker can exploit this memory corruption flaw over the network to achieve complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available.

Information Disclosure Memory Corruption Mozilla Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4723 CRITICAL PATCH Act Now

Firefox versions prior to 149 contain a use-after-free vulnerability in the JavaScript engine that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. The vulnerability affects all Firefox users and can be exploited over the network to gain complete control over an affected system. No patch is currently available.

Information Disclosure Memory Corruption Mozilla Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4702 CRITICAL PATCH Act Now

A JIT (Just-In-Time) compilation miscompilation vulnerability exists in Firefox's JavaScript Engine that can lead to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this vulnerability through malicious JavaScript code to potentially disclose sensitive information from the browser's memory or process space.

Mozilla Memory Corruption Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4701 CRITICAL PATCH Act Now

Mozilla Firefox versions below 149 (and ESR versions below 140.9) contain a use-after-free vulnerability in the JavaScript Engine that enables unauthenticated remote attackers to achieve arbitrary code execution without user interaction. The memory corruption flaw allows complete compromise of affected systems through network-based attacks. No patch is currently available for this critical vulnerability.

Mozilla Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4698 CRITICAL PATCH Act Now

A JIT miscompilation vulnerability exists in Firefox's JavaScript engine that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw through malicious JavaScript to extract sensitive information from the browser's memory, potentially compromising user data and system security.

Mozilla Memory Corruption Information Disclosure Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4696 CRITICAL PATCH Act Now

Unauthenticated remote attackers can achieve arbitrary code execution through a use-after-free memory corruption vulnerability in Firefox's text and font rendering engine, affecting Firefox versions below 149, ESR below 115.34, and ESR below 140.9. The vulnerability requires no user interaction or special privileges and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.

Information Disclosure Memory Corruption Mozilla Use After Free Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4691 CRITICAL PATCH Act Now

Critical use-after-free in Mozilla Firefox's CSS parsing engine enables unauthenticated remote code execution with no user interaction required, affecting Firefox versions below 149, ESR 115.34, and ESR 140.9. An attacker can exploit this memory corruption vulnerability by crafting a malicious web page that triggers the vulnerability when rendered, achieving full system compromise. No patch is currently available.

Information Disclosure Memory Corruption Mozilla Use After Free Firefox Esr
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4688 CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users.

Information Disclosure Memory Corruption Mozilla Use After Free Firefox Esr
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2019-25646 CRITICAL POC Act Now

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Mail Carrier
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25644 MEDIUM POC This Month

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Winmpg Video Convert Local Dos Exploit
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25637 HIGH POC This Week

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Netstat Pro
NVD Exploit-DB VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2019-25634 HIGH POC This Week

Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.

Buffer Overflow Memory Corruption RCE Base64 Decoder
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25633 HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Extreme
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25631 HIGH POC This Week

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Business
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25629 HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Aida64 Extreme
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25628 CRITICAL POC Act Now

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Download Accelerator Plus Dap
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-4756 HIGH PATCH This Week

Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.

Buffer Overflow Google Memory Corruption Android
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33854 HIGH PATCH This Week

Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.

Google Buffer Overflow Memory Corruption Android
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33850 HIGH PATCH This Week

WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.

Buffer Overflow Memory Corruption Dualsensey V2
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-4752 MEDIUM PATCH This Month

A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with high privileges to cause memory corruption that may lead to information disclosure, data integrity violations, or denial of service. The vulnerability is classified as CWE-416 and carries a CVSS score of 6.4; a security patch is available from the vendor via GitHub pull request.

Use After Free Denial Of Service Memory Corruption Echo Mate
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-4737 HIGH PATCH This Week

A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management modules (rmap.C file), that can lead to denial of service and memory corruption. This vulnerability affects Echo-Mate versions prior to V250329 and has been reported by GovTech CSG. An attacker exploiting this flaw could trigger a crash or potentially achieve code execution through memory corruption, though the specific attack vector complexity remains dependent on the exposure of the affected kernel module.

Use After Free Denial Of Service Memory Corruption Echo Mate
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-4680 HIGH PATCH This Week

Remote code execution in Google Chrome's Federated Credential Management (FedCM) prior to version 146.0.7680.165 enables unauthenticated attackers to execute arbitrary code within the browser sandbox through a malicious HTML page. This use-after-free vulnerability in memory management affects Chrome on all supported platforms and requires only user interaction to trigger. A patch is available in Chrome 146.0.7680.165 and later.

Google RCE Use After Free Debian Memory Corruption +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4678 HIGH PATCH This Week

Sandboxed code execution in Google Chrome's WebGPU implementation (prior to 146.0.7680.165) stems from a use-after-free memory vulnerability that can be triggered via malicious HTML pages. An unauthenticated remote attacker can exploit this to execute arbitrary code within the Chrome sandbox without user interaction beyond viewing a crafted webpage. A patch is available for affected users.

Google RCE Use After Free Debian Memory Corruption +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-4676 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to version 146.0.7680.165 via a use-after-free vulnerability in the Dawn graphics component enables remote attackers to execute arbitrary code when users visit malicious HTML pages. The vulnerability affects multiple platforms including Debian systems and requires only user interaction to trigger, bypassing Chrome's sandbox isolation. A patch is available to remediate this high-severity memory corruption flaw.

Debian Google Use After Free Denial Of Service Memory Corruption +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-30007 MEDIUM This Month

XnSoft NConvert version 7.230 contains a Use-After-Free vulnerability triggered by processing specially crafted TIFF files, which can lead to information disclosure and potential code execution. The vulnerability affects NConvert image conversion software and has been publicly documented with proof-of-concept code available on GitHub. An attacker can exploit this by providing a malicious TIFF file to an NConvert user or service, potentially causing a crash or unauthorized memory access.

Information Disclosure Memory Corruption Use After Free
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25619 HIGH POC This Week

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Ftp Shell Server
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25615 HIGH POC This Week

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.

Memory Corruption Buffer Overflow RCE Lavavo Cd Ripper
NVD Exploit-DB VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25614 CRITICAL POC Act Now

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Free Float Ftp
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2019-25612 HIGH POC This Week

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.

Memory Corruption Buffer Overflow RCE Admin Express
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2019-25611 HIGH POC This Week

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.

Memory Corruption Buffer Overflow RCE Miniftp
NVD Exploit-DB GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25609 HIGH POC This Week

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.

Memory Corruption Buffer Overflow RCE Server
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25607 HIGH POC This Week

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.

Memory Corruption Buffer Overflow RCE Axessh
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25606 MEDIUM POC This Month

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Fast Avi Mpeg Joiner
NVD Exploit-DB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25604 HIGH POC This Week

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.

Memory Corruption Buffer Overflow RCE Dvdxplayer
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25603 HIGH POC This Week

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.

Memory Corruption Buffer Overflow RCE Tuneclone
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25601 MEDIUM POC This Month

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Launcher
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25600 HIGH POC This Week

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.

Memory Corruption Buffer Overflow Denial Of Service Ultravnc Viewer
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2019-25598 MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Denial Of Service
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25597 MEDIUM POC This Month

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nsauditor
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25591 MEDIUM POC This Month

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Dnss Domain Name Search Software
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25589 MEDIUM POC This Month

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zoc Terminal
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25584 MEDIUM POC This Month

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rarmaradio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25569 MEDIUM POC This Month

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Realterm
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25567 MEDIUM POC This Month

Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Valentina Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25566 MEDIUM POC This Month

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Transmac
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25565 MEDIUM POC This Month

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Magic Iso Maker
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25564 MEDIUM POC This Month

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pchelpwarev2
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2019-25562 MEDIUM POC This Month

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Convert Video Jetaudio
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2019-25561 MEDIUM POC This Month

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Lyric Maker
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25558 MEDIUM POC This Month

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Selfie Studio
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25556 MEDIUM POC This Month

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Twistedbrush Pro Studio
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25554 MEDIUM POC This Month

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Mp4 Converter
NVD Exploit-DB VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2019-25550 MEDIUM POC This Month

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Encrypt Pdf
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25549 MEDIUM POC This Month

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Verypdf Pcl Converter
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2019-25547 MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netaware
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25546 MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Netaware
NVD Exploit-DB VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2019-25545 MEDIUM POC This Month

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Terminal Services Manager
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-21732 CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-33165 MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33150 HIGH POC PATCH This Week

libfuse versions 3.18.0 through 3.18.1 contain a use-after-free vulnerability in the io_uring subsystem that allows local attackers to crash FUSE filesystem processes or execute arbitrary code when thread creation fails under resource constraints. The flaw occurs when io_uring initialization fails (e.g., due to cgroup limits), leaving a dangling pointer in session state that is dereferenced during shutdown. Public exploit code exists for this vulnerability, and no patch is currently available.

Memory Corruption RCE Denial Of Service Use After Free Libfuse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33144 MEDIUM PATCH This Month

Heap-based buffer overflow in GPAC MP4Box's XML parsing function allows local attackers to corrupt memory and potentially crash the application or achieve code execution by crafting malicious NHML files with specially formatted BitSequence elements. The vulnerability affects systems processing untrusted multimedia files and remains unpatched as of this advisory. Exploitation requires user interaction to open a malicious file.

Memory Corruption Buffer Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-32701 npm HIGH PATCH This Week

Qwik, a performance-focused JavaScript framework, contains an array prototype pollution vulnerability in its FormData parsing logic that affects versions prior to 1.19.2. Attackers can submit specially crafted form field names using mixed array-index and object-property keys (e.g., items.0 alongside items.toString or items.length) to inject malicious properties into objects the application expects to be arrays, leading to denial of service through malformed array states, oversized lengths, or request handling failures. The vulnerability has a CVSS score of 7.5 (High severity) with network-based exploitation requiring no authentication or user interaction, and a patch is available in version 1.19.2.

Memory Corruption Denial Of Service Qwik
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23273 HIGH PATCH This Week

A use-after-free race condition exists in the Linux kernel's macvlan driver within the macvlan_common_newlink() error handling path. When a macvlan device creation fails after the network device becomes visible to the RCU (Read-Copy-Update) subsystem, the caller's subsequent free_netdev(dev) can race with ongoing packet forwarding operations, causing kernel memory corruption and potential information disclosure. This vulnerability affects Linux kernel versions 5.10 through 6.19 and later, and while no public exploit exists, the issue is reproducible via crafted netlink commands that trigger concurrent device creation and packet transmission.

Linux Information Disclosure Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33055 Cargo HIGH PATCH This Week

The tar-rs Rust library versions 0.4.44 and below contain a logic flaw where PAX (POSIX.1-2001) size headers are conditionally skipped when the base tar header size is nonzero, causing the library to parse tar archives differently than other standard tar implementations like Go's archive/tar. This discrepancy allows an attacker to craft malicious tar archives that appear different when unpacked by tar-rs versus other parsers, potentially leading to information disclosure or file confusion attacks. The vulnerability affects any application using tar-rs to parse untrusted archives and expecting consistent behavior with other tar parsers, with a moderate CVSS score of 5.1 indicating low attack complexity and network accessibility.

Information Disclosure Memory Corruption Tar Rs
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32942 HIGH PATCH This Week

PJSIP versions 2.16 and earlier contain a heap use-after-free vulnerability in ICE session handling caused by race conditions between session destruction and callback execution, enabling memory corruption and potential code execution. This flaw affects all systems using vulnerable PJSIP versions for multimedia communication and currently has no available patch. With a CVSS score of 8.1, the vulnerability is remotely exploitable without authentication or user interaction.

Information Disclosure Use After Free Memory Corruption Pjsip
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4458 HIGH PATCH This Week

Heap memory corruption in Google Chrome prior to version 146.0.7680.153 can be triggered through malicious browser extensions, affecting Chrome users on Google, Ubuntu, and Debian systems. An attacker must convince a user to install a compromised extension to exploit this use-after-free vulnerability and potentially achieve code execution. A patch is available.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4457 HIGH PATCH This Week

Heap memory corruption in Google Chrome's V8 engine (versions prior to 146.0.7680.153) stems from type confusion vulnerabilities that can be triggered through malicious HTML pages without user privileges. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution or crash the browser. The vulnerability affects Chrome, Ubuntu, and Debian systems, with patches now available.

Google Memory Corruption Information Disclosure Ubuntu Debian +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4456 HIGH PATCH This Week

A use-after-free vulnerability in Google Chrome's Digital Credentials API prior to version 146.0.7680.153 enables attackers with a compromised renderer process to escape the sandbox and potentially achieve code execution through a specially crafted HTML page. The vulnerability affects Chrome on multiple platforms including Ubuntu and Debian systems, requiring user interaction to trigger but presenting high impact across confidentiality, integrity, and availability. A patch is available in Chrome 146.0.7680.153 and later versions.

Denial Of Service Google Memory Corruption Use After Free Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4454 HIGH PATCH This Week

Heap memory corruption in Google Chrome versions prior to 146.0.7680.153 can be triggered through a use-after-free vulnerability in the Network component when a user visits a malicious HTML page. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with high integrity and confidentiality impact. A patch is available for Chrome, Ubuntu, and Debian users.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4450 HIGH PATCH This Week

Heap corruption in Google Chrome's V8 engine prior to version 146.0.7680.153 can be triggered through out-of-bounds memory writes when a user visits a malicious webpage. An unauthenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and confidentiality impact. A security patch is available for affected users on Chrome, Ubuntu, and Debian systems.

Google Memory Corruption Buffer Overflow Ubuntu Debian +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4449 HIGH PATCH This Week

Heap memory corruption in Google Chrome's Blink rendering engine prior to version 146.0.7680.153 can be triggered through a malicious HTML page, potentially enabling remote code execution. An unauthenticated attacker requires only user interaction to exploit this use-after-free vulnerability across network boundaries. A patch is available for affected Chrome, Ubuntu, and Debian users.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4446 HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's WebRTC implementation (versions prior to 146.0.7680.153) enables remote attackers to achieve arbitrary code execution through malicious HTML pages, requiring only user interaction. The vulnerability affects Chrome, Ubuntu, and Debian systems with a CVSS score of 8.8, though a patch is available.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4445 HIGH PATCH This Week

Heap memory corruption in Google Chrome's WebRTC implementation prior to version 146.0.7680.153 enables remote attackers to execute arbitrary code by tricking users into visiting malicious websites. The use-after-free vulnerability requires only user interaction and affects Chrome on multiple platforms including Ubuntu and Debian systems. A patch is available to address this high-severity flaw.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4441 HIGH PATCH This Week

Heap corruption in Google Chrome versions before 146.0.7680.153 results from a use-after-free vulnerability in the Base component, enabling remote attackers to execute arbitrary code through malicious HTML pages. The attack requires user interaction but no authentication, affecting Chrome on multiple platforms including Linux distributions. A patch is available to remediate this critical-severity vulnerability.

Google Use After Free Memory Corruption Denial Of Service Ubuntu +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4440 HIGH PATCH This Week

This is a critical out-of-bounds read and write vulnerability in the WebGL implementation of Google Chrome prior to version 146.0.7680.153. The vulnerability allows a remote attacker to perform arbitrary memory read and write operations by crafting a malicious HTML page, potentially leading to information disclosure, code execution, or complete system compromise. The vulnerability affects multiple Debian releases and has been assigned ENISA EUVD ID EUVD-2026-13447; a vendor patch is available.

Google Buffer Overflow Memory Corruption Ubuntu Debian +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-4439 HIGH PATCH This Week

Out-of-bounds memory corruption in Google Chrome's WebGL implementation on Android prior to version 146.0.7680.153 enables remote attackers to escape the browser sandbox by delivering a malicious HTML page, requiring only user interaction. This critical vulnerability affects Chrome users on Android devices and could lead to complete system compromise if successfully exploited. A patch is available in Chrome 146.0.7680.153 and later versions.

Google Buffer Overflow Memory Corruption Ubuntu Debian +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3849 MEDIUM This Month

Stack buffer overflow in wolfSSL 5.8.4's ECH (Encrypted Client Hello) implementation allows remote attackers to crash TLS clients or achieve code execution by sending a maliciously crafted ECH configuration. The vulnerability affects clients that have explicitly enabled ECH support, which is disabled by default. An attacker controlling a TLS server can exploit this remotely without authentication or user interaction.

Buffer Overflow Memory Corruption Wolfssl
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free (UAF) vulnerability exists in the Linux kernel's BPF subsystem within the bpf_trampoline_link_cgroup_shim function, where a race condition allows a process to reference memory after it has been freed. An attacker with CAP_BPF or CAP_PERFMON capabilities can trigger this vulnerability to cause a kernel crash (denial of service). A proof-of-concept has been demonstrated by the reporter, showing the bug can be reliably reproduced; the vulnerability is not listed on the CISA KEV catalog but affects all Linux kernel versions until patched.

Linux Use After Free Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability exists in the Linux kernel's pm8001 SCSI driver where the pm8001_queue_command() function incorrectly returns -ENODEV after already freeing a SAS task, causing the upper-layer libsas driver to attempt a second free operation. This affects all Linux kernel versions with the vulnerable pm8001 driver code, and while not remotely exploitable by default, it can lead to kernel memory corruption and denial of service on systems using PM8001-compatible SCSI controllers. No CVSS score, EPSS data, or active KEV status is currently available, but multiple stable kernel patches have been released across multiple branches.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's libertas wireless driver (lbs_free_adapter()) allows local privileged users to corrupt memory when a timer callback races with adapter teardown. The flaw stems from using non-synchronous timer_delete() instead of timer_delete_sync() on command_timer and tx_lockup_timer, leaving callbacks free to dereference freed driver_lock, cur_cmd, and dev fields. EPSS is very low (0.02%, 7th percentile) and there is no public exploit identified at time of analysis, but the bug has existed since the driver's introduction and on stable trees through 6.18.x.

Linux Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.

Apple Buffer Overflow Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Apple's iOS, iPadOS, macOS, tvOS, and watchOS contain a use-after-free vulnerability that could allow a local attacker to corrupt kernel memory or cause unexpected system crashes. An installed application can trigger this memory corruption flaw through user interaction, potentially leading to denial of service or unauthorized kernel-level modifications. No patch is currently available for this vulnerability (CVSS 7.1).

Apple Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Memory corruption in Apple Safari, iOS, iPadOS, macOS, and visionOS allows remote attackers to crash affected processes by delivering maliciously crafted web content to users. The vulnerability requires user interaction to view the malicious content and does not enable code execution or information disclosure. A patch is currently unavailable for this issue.

Apple Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

macOS systems running Sequoia 15.7.4 or earlier, Sonoma 14.8.4 or earlier, and Tahoe 26.3 or earlier contain a use-after-free vulnerability in SMB share handling that could allow an attacker to crash the operating system by mounting a specially crafted network share. The vulnerability requires user interaction to mount the malicious share and results in denial of service rather than code execution or data compromise. No patch is currently available for this vulnerability.

Apple Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Type confusion in Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows local attackers to trigger unexpected application termination through memory corruption. The vulnerability affects multiple OS versions and currently lacks a publicly available patch. An attacker with local access can exploit this to cause denial of service by crashing targeted applications.

Apple Memory Corruption Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS contain a use-after-free vulnerability that could allow remote attackers to crash affected applications by processing maliciously crafted web content. The vulnerability stems from improper memory management and requires user interaction to exploit. No patch is currently available, leaving users vulnerable until official updates are released.

Apple Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in Apple iOS, iPadOS, and macOS due to a use-after-free memory corruption vulnerability allows local attackers to trigger unexpected system termination. The flaw affects multiple Apple platforms including iOS 18.x, macOS Sequoia, Sonoma, and Tahoe versions. No patch is currently available.

Apple Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

This vulnerability is a memory handling flaw in Apple's operating systems (iOS, iPadOS, macOS, tvOS, visionOS, and watchOS) that allows a malicious application to trigger unexpected system termination or corrupt kernel memory. The vulnerability affects all versions prior to the version 26.4 releases across Apple's entire ecosystem. An attacker can exploit this by crafting a malicious app that triggers improper memory handling, potentially leading to denial of service or privilege escalation through kernel memory corruption.

Apple Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.

Denial Of Service Nvidia Memory Corruption
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote attackers can escape the Firefox sandbox through a use-after-free vulnerability in the Canvas2D graphics component, allowing arbitrary code execution on affected systems running Firefox versions prior to 149. The vulnerability requires no user interaction and impacts the entire system due to its critical severity and CVSS score of 10.0. No patch is currently available for this actively exploitable flaw.

Information Disclosure Memory Corruption Mozilla +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A use-after-free vulnerability in Firefox's Cocoa widget component allows remote code execution without user interaction or special privileges, affecting Firefox versions below 149 and ESR below 140.9. An attacker can exploit this memory corruption flaw over the network to achieve complete system compromise with high confidentiality, integrity, and availability impact. No patch is currently available.

Information Disclosure Memory Corruption Mozilla +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Firefox versions prior to 149 contain a use-after-free vulnerability in the JavaScript engine that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. The vulnerability affects all Firefox users and can be exploited over the network to gain complete control over an affected system. No patch is currently available.

Information Disclosure Memory Corruption Mozilla +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A JIT (Just-In-Time) compilation miscompilation vulnerability exists in Firefox's JavaScript Engine that can lead to information disclosure. This affects Firefox versions below 149 and Firefox ESR versions below 140.9. An attacker can exploit this vulnerability through malicious JavaScript code to potentially disclose sensitive information from the browser's memory or process space.

Mozilla Memory Corruption Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Mozilla Firefox versions below 149 (and ESR versions below 140.9) contain a use-after-free vulnerability in the JavaScript Engine that enables unauthenticated remote attackers to achieve arbitrary code execution without user interaction. The memory corruption flaw allows complete compromise of affected systems through network-based attacks. No patch is currently available for this critical vulnerability.

Mozilla Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A JIT miscompilation vulnerability exists in Firefox's JavaScript engine that can lead to information disclosure. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw through malicious JavaScript to extract sensitive information from the browser's memory, potentially compromising user data and system security.

Mozilla Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated remote attackers can achieve arbitrary code execution through a use-after-free memory corruption vulnerability in Firefox's text and font rendering engine, affecting Firefox versions below 149, ESR below 115.34, and ESR below 140.9. The vulnerability requires no user interaction or special privileges and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.

Information Disclosure Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Critical use-after-free in Mozilla Firefox's CSS parsing engine enables unauthenticated remote code execution with no user interaction required, affecting Firefox versions below 149, ESR 115.34, and ESR 140.9. An attacker can exploit this memory corruption vulnerability by crafting a malicious web page that triggers the vulnerability when rendered, achieving full system compromise. No patch is currently available.

Information Disclosure Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in Mozilla Firefox's Disability Access APIs component due to a use-after-free memory vulnerability allows unauthenticated remote attackers to execute arbitrary code with full system compromise. Firefox versions below 149 and Firefox ESR below 140.9 are affected, with no patch currently available. The vulnerability is exploitable over the network without user interaction, presenting critical risk to all affected users.

Information Disclosure Memory Corruption Mozilla +2
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Local arbitrary code execution in 4mhz Base64 Decoder 1.1.2 occurs when the application processes a maliciously crafted input file, causing a stack-based buffer overflow that overwrites the Structured Exception Handler (SEH) chain. Publicly available exploit code exists (Exploit-DB 46625) demonstrating an SEH overwrite chained with a POP-POP-RET gadget and an egghunter payload to reach attacker-supplied shellcode. Despite CVSS 8.6 and a working PoC, EPSS is only 0.01% (2nd percentile), reflecting the niche Windows utility and local-only attack vector.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption through out-of-bounds writes in Android-ImageMagick7 prior to version 7.1.2-11 enables local attackers to achieve arbitrary code execution with user interaction. The vulnerability affects Google's implementation of ImageMagick and carries a CVSS score of 7.8, indicating high severity with complete confidentiality, integrity, and availability impact. A patch is available for affected users.

Buffer Overflow Google Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption through out-of-bounds write in Android-ImageMagick7 before version 7.1.2-10 enables remote code execution when a user processes a malicious image file. An attacker can exploit this vulnerability over the network without authentication to achieve complete system compromise including data theft, modification, and denial of service. A patch is available for affected Android devices running vulnerable versions of the ImageMagick library.

Google Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.

Buffer Overflow Memory Corruption Dualsensey V2
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with high privileges to cause memory corruption that may lead to information disclosure, data integrity violations, or denial of service. The vulnerability is classified as CWE-416 and carries a CVSS score of 6.4; a security patch is available from the vendor via GitHub pull request.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management modules (rmap.C file), that can lead to denial of service and memory corruption. This vulnerability affects Echo-Mate versions prior to V250329 and has been reported by GovTech CSG. An attacker exploiting this flaw could trigger a crash or potentially achieve code execution through memory corruption, though the specific attack vector complexity remains dependent on the exposure of the affected kernel module.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Federated Credential Management (FedCM) prior to version 146.0.7680.165 enables unauthenticated attackers to execute arbitrary code within the browser sandbox through a malicious HTML page. This use-after-free vulnerability in memory management affects Chrome on all supported platforms and requires only user interaction to trigger. A patch is available in Chrome 146.0.7680.165 and later.

Google RCE Use After Free +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed code execution in Google Chrome's WebGPU implementation (prior to 146.0.7680.165) stems from a use-after-free memory vulnerability that can be triggered via malicious HTML pages. An unauthenticated remote attacker can exploit this to execute arbitrary code within the Chrome sandbox without user interaction beyond viewing a crafted webpage. A patch is available for affected users.

Google RCE Use After Free +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to version 146.0.7680.165 via a use-after-free vulnerability in the Dawn graphics component enables remote attackers to execute arbitrary code when users visit malicious HTML pages. The vulnerability affects multiple platforms including Debian systems and requires only user interaction to trigger, bypassing Chrome's sandbox isolation. A patch is available to remediate this high-severity memory corruption flaw.

Debian Google Use After Free +5
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

XnSoft NConvert version 7.230 contains a Use-After-Free vulnerability triggered by processing specially crafted TIFF files, which can lead to information disclosure and potential code execution. The vulnerability affects NConvert image conversion software and has been publicly documented with proof-of-concept code available on GitHub. An attacker can exploit this by providing a malicious TIFF file to an NConvert user or service, potentially causing a crash or unauthorized memory access.

Information Disclosure Memory Corruption Use After Free
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC This Week

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string.

Memory Corruption Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Zoc Terminal
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rarmaradio
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Transmac
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Encrypt Pdf
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netaware
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 9.6
CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

libfuse versions 3.18.0 through 3.18.1 contain a use-after-free vulnerability in the io_uring subsystem that allows local attackers to crash FUSE filesystem processes or execute arbitrary code when thread creation fails under resource constraints. The flaw occurs when io_uring initialization fails (e.g., due to cgroup limits), leaving a dangling pointer in session state that is dereferenced during shutdown. Public exploit code exists for this vulnerability, and no patch is currently available.

Memory Corruption RCE Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Heap-based buffer overflow in GPAC MP4Box's XML parsing function allows local attackers to corrupt memory and potentially crash the application or achieve code execution by crafting malicious NHML files with specially formatted BitSequence elements. The vulnerability affects systems processing untrusted multimedia files and remains unpatched as of this advisory. Exploitation requires user interaction to open a malicious file.

Memory Corruption Buffer Overflow Gpac
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Qwik, a performance-focused JavaScript framework, contains an array prototype pollution vulnerability in its FormData parsing logic that affects versions prior to 1.19.2. Attackers can submit specially crafted form field names using mixed array-index and object-property keys (e.g., items.0 alongside items.toString or items.length) to inject malicious properties into objects the application expects to be arrays, leading to denial of service through malformed array states, oversized lengths, or request handling failures. The vulnerability has a CVSS score of 7.5 (High severity) with network-based exploitation requiring no authentication or user interaction, and a patch is available in version 1.19.2.

Memory Corruption Denial Of Service Qwik
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free race condition exists in the Linux kernel's macvlan driver within the macvlan_common_newlink() error handling path. When a macvlan device creation fails after the network device becomes visible to the RCU (Read-Copy-Update) subsystem, the caller's subsequent free_netdev(dev) can race with ongoing packet forwarding operations, causing kernel memory corruption and potential information disclosure. This vulnerability affects Linux kernel versions 5.10 through 6.19 and later, and while no public exploit exists, the issue is reproducible via crafted netlink commands that trigger concurrent device creation and packet transmission.

Linux Information Disclosure Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The tar-rs Rust library versions 0.4.44 and below contain a logic flaw where PAX (POSIX.1-2001) size headers are conditionally skipped when the base tar header size is nonzero, causing the library to parse tar archives differently than other standard tar implementations like Go's archive/tar. This discrepancy allows an attacker to craft malicious tar archives that appear different when unpacked by tar-rs versus other parsers, potentially leading to information disclosure or file confusion attacks. The vulnerability affects any application using tar-rs to parse untrusted archives and expecting consistent behavior with other tar parsers, with a moderate CVSS score of 5.1 indicating low attack complexity and network accessibility.

Information Disclosure Memory Corruption Tar Rs
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

PJSIP versions 2.16 and earlier contain a heap use-after-free vulnerability in ICE session handling caused by race conditions between session destruction and callback execution, enabling memory corruption and potential code execution. This flaw affects all systems using vulnerable PJSIP versions for multimedia communication and currently has no available patch. With a CVSS score of 8.1, the vulnerability is remotely exploitable without authentication or user interaction.

Information Disclosure Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap memory corruption in Google Chrome prior to version 146.0.7680.153 can be triggered through malicious browser extensions, affecting Chrome users on Google, Ubuntu, and Debian systems. An attacker must convince a user to install a compromised extension to exploit this use-after-free vulnerability and potentially achieve code execution. A patch is available.

Google Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap memory corruption in Google Chrome's V8 engine (versions prior to 146.0.7680.153) stems from type confusion vulnerabilities that can be triggered through malicious HTML pages without user privileges. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution or crash the browser. The vulnerability affects Chrome, Ubuntu, and Debian systems, with patches now available.

Google Memory Corruption Information Disclosure +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A use-after-free vulnerability in Google Chrome's Digital Credentials API prior to version 146.0.7680.153 enables attackers with a compromised renderer process to escape the sandbox and potentially achieve code execution through a specially crafted HTML page. The vulnerability affects Chrome on multiple platforms including Ubuntu and Debian systems, requiring user interaction to trigger but presenting high impact across confidentiality, integrity, and availability. A patch is available in Chrome 146.0.7680.153 and later versions.

Denial Of Service Google Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap memory corruption in Google Chrome versions prior to 146.0.7680.153 can be triggered through a use-after-free vulnerability in the Network component when a user visits a malicious HTML page. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with high integrity and confidentiality impact. A patch is available for Chrome, Ubuntu, and Debian users.

Google Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's V8 engine prior to version 146.0.7680.153 can be triggered through out-of-bounds memory writes when a user visits a malicious webpage. An unauthenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and confidentiality impact. A security patch is available for affected users on Chrome, Ubuntu, and Debian systems.

Google Memory Corruption Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap memory corruption in Google Chrome's Blink rendering engine prior to version 146.0.7680.153 can be triggered through a malicious HTML page, potentially enabling remote code execution. An unauthenticated attacker requires only user interaction to exploit this use-after-free vulnerability across network boundaries. A patch is available for affected Chrome, Ubuntu, and Debian users.

Google Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's WebRTC implementation (versions prior to 146.0.7680.153) enables remote attackers to achieve arbitrary code execution through malicious HTML pages, requiring only user interaction. The vulnerability affects Chrome, Ubuntu, and Debian systems with a CVSS score of 8.8, though a patch is available.

Google Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap memory corruption in Google Chrome's WebRTC implementation prior to version 146.0.7680.153 enables remote attackers to execute arbitrary code by tricking users into visiting malicious websites. The use-after-free vulnerability requires only user interaction and affects Chrome on multiple platforms including Ubuntu and Debian systems. A patch is available to address this high-severity flaw.

Google Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome versions before 146.0.7680.153 results from a use-after-free vulnerability in the Base component, enabling remote attackers to execute arbitrary code through malicious HTML pages. The attack requires user interaction but no authentication, affecting Chrome on multiple platforms including Linux distributions. A patch is available to remediate this critical-severity vulnerability.

Google Use After Free Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

This is a critical out-of-bounds read and write vulnerability in the WebGL implementation of Google Chrome prior to version 146.0.7680.153. The vulnerability allows a remote attacker to perform arbitrary memory read and write operations by crafting a malicious HTML page, potentially leading to information disclosure, code execution, or complete system compromise. The vulnerability affects multiple Debian releases and has been assigned ENISA EUVD ID EUVD-2026-13447; a vendor patch is available.

Google Buffer Overflow Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory corruption in Google Chrome's WebGL implementation on Android prior to version 146.0.7680.153 enables remote attackers to escape the browser sandbox by delivering a malicious HTML page, requiring only user interaction. This critical vulnerability affects Chrome users on Android devices and could lead to complete system compromise if successfully exploited. A patch is available in Chrome 146.0.7680.153 and later versions.

Google Buffer Overflow Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Stack buffer overflow in wolfSSL 5.8.4's ECH (Encrypted Client Hello) implementation allows remote attackers to crash TLS clients or achieve code execution by sending a maliciously crafted ECH configuration. The vulnerability affects clients that have explicitly enabled ECH support, which is disabled by default. An attacker controlling a TLS server can exploit this remotely without authentication or user interaction.

Buffer Overflow Memory Corruption Wolfssl
NVD GitHub VulDB
Prev Page 20 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy