Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36137)

EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in WebKit across Apple's ecosystem enables confidentiality breach via malicious web content without user interaction. Affects iOS/iPadOS versions prior to 18.7.9 and 26.5, macOS Tahoe prior to 26.5, and all Apple operating systems (tvOS, visionOS, watchOS) prior to 26.5. Despite CVSS 7.5 (High), the EPSS score of 0.03% (10th percentile) indicates minimal real-world exploitation likelihood at time of analysis. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified. Apple has released patches across all affected platforms.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Apple WebKit's web content processing engine allows remote attackers to read sensitive memory contents via maliciously crafted web pages. This buffer overflow vulnerability (CWE-119) affects all major Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS prior to their respective patched versions. The CVSS vector AV:N/AC:L/PR:N/UI:N indicates trivial network-based exploitation requiring no authentication or user interaction, though the impact is limited to confidentiality (C:H/I:N/A:N) rather than the process crash described by Apple. EPSS score of 0.03% (10th percentile) suggests low observed exploitation probability despite the ease of exploitation. No CISA KEV listing or public POC identified at time of analysis. Apple has released patches across all affected platforms.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory corruption in Apple's WebKit web content processing engine causes an unexpected process crash (denial-of-service) across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS when a victim processes attacker-controlled web content. The CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H confirms network-reachable, unauthenticated exploitation limited to availability impact within the affected process - no code execution or data exfiltration is indicated. No public exploit code has been identified at time of analysis, and EPSS scoring at 0.03% (10th percentile) combined with SSVC Exploitation status of 'none' signal low current exploitation pressure.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in Apple operating systems allows remote attackers to trigger application denial of service without authentication. Affects iOS/iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS across multiple versions. Vendor-released patches available for all affected platforms. No public exploit identified at time of analysis, with EPSS score of 0.12% (30th percentile) indicating low probability of widespread exploitation attempts. CVSS 7.5 reflects network-accessible unauthenticated attack causing high availability impact but limited to app termination rather than system-wide denial of service.

Stack Overflow Apple Buffer Overflow
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.

Apple Memory Corruption Buffer Overflow
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Web content processing across all major Apple platforms is vulnerable to a memory mismanagement flaw (CWE-119) that causes an unexpected process crash when a user visits or renders attacker-controlled web content. Affected platforms include iOS/iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS - all versions prior to the 26.5 release line. The impact is limited to availability (A:H), with no confidentiality or integrity exposure per the CVSS vector, and no active exploitation is confirmed - EPSS sits at 0.02% (5th percentile) and SSVC rates exploitation as none, making this a moderate-priority patch rather than an emergency response item.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory-corruption crash in Apple's WebKit web-content engine lets a malicious website terminate the content-rendering process across iOS/iPadOS, macOS, tvOS, visionOS and watchOS prior to the 26.5 (and 18.7.9) releases. The flaw is triggered simply by viewing attacker-controlled web content, requiring no authentication but one user action (opening a page). There is no public exploit identified at time of analysis and SSVC rates exploitation as none, though the assigned CVSS 8.8 reflects worst-case memory-corruption potential rather than the crash-only behavior Apple documents.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Apple Buffer Overflow Ios And Ipados +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

Apple Information Disclosure Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.

Apple Buffer Overflow
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack buffer overflow in ImageMagick display tool prior to versions 7.1.2-21 and 6.9.13-46 allows local attackers to cause denial of service by crafting a malicious MIFF file that triggers memory corruption when a user opens the file and invokes the Load/Update menu via right-click interaction. CVSS score of 5.5 reflects local attack vector and requirement for user interaction, with impact limited to availability (denial of service) rather than code execution.

Stack Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution and denial of service in Neat VNC library version <0.9.6 allows unauthenticated network attackers to overflow a 1024-byte stack buffer during RSA-AES security handshake. An attacker sends a crafted VNC security type 5 or 129 message with an oversized client RSA public key, triggering a stack buffer overflow in rsa_aes_send_challenge() when the server encrypts its challenge response. CVSS 8.1 (High) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the vulnerability is trivial to trigger based on the patch diff showing a simple size validation check addition.

Denial Of Service Buffer Overflow Neatvnc
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Buffer overflow in jq 1.8.1 and earlier allows local attackers to cause denial of service by providing a crafted JSON number literal with INT_MAX-1 (2147483646) digits, triggering integer overflow in the D2U() macro that bypasses heap-allocation checks and writes approximately 1.4 GiB of attacker-controlled data to the stack, corrupting memory far below the stack frame.

Integer Overflow Buffer Overflow Jq
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Integer overflow in jq's bytecode VM data stack allocation tracking allows local attackers to corrupt heap memory and achieve arbitrary code execution or denial of service by crafting deeply nested JSON generator expressions that exceed ~1 GiB stack size. Affected versions: jq 1.8.1 and earlier. The vulnerability requires local file access and user interaction to trigger malicious jq expressions, but carries high impact potential due to memory corruption exploitability.

Integer Overflow Buffer Overflow Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Remote denial-of-service and limited information disclosure in dnsmasq's extract_addresses() function allows attackers controlling or able to inject DNS responses to crash the daemon by sending a malformed DNS record whose declared rdlen pushes extract_name() past the record boundary, triggering a heap out-of-bounds read. The flaw affects dnsmasq 2.93 and downstream packages from Red Hat, SUSE, Ubuntu, and Pi-hole FTL. No public exploit identified at time of analysis, EPSS exploitation probability is 0.03% (9th percentile), and CISA SSVC rates exploitation as 'none' with only partial technical impact.

Buffer Overflow Dnsmasq Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Heap-based buffer overflow in dnsmasq's DHCPv6 implementation enables local attackers to execute arbitrary code with root privileges. Affects dnsmasq 2.93 (and potentially earlier 2.92 branch based on NixOS patching activity). CERT/CC issued VU#471747, and upstream published CVE-specific advisory at thekelleys.org.uk/dnsmasq/CVE/. NixOS patch activity (PR #519082, #519093) indicates real-world remediation effort. No CISA KEV listing or public POC identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.4 score.

RCE Buffer Overflow Heap Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based out-of-bounds read in dnsmasq DNSSEC validation allows remote unauthenticated attackers to trigger a denial of service by sending a crafted DNS packet. The vulnerability affects dnsmasq 2.93 and potentially earlier versions; CVSS 5.3 with network-based access vector indicates moderate severity. No public exploit code or active exploitation confirmed at time of analysis.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Heap buffer overflow in dnsmasq's extract_name() function allows remote attackers to write out-of-bounds on the heap, enabling DNS cache poisoning that redirects lookups to attacker-controlled IP addresses or causes denial of service. The flaw stems from a bigname namebuffer sized for wire-form domain names (MAXDNAME) instead of the larger escaped internal representation (MAXDNAME*2 + 1). EPSS is low (0.03%, 9th percentile) with no public exploit identified at time of analysis, but multiple major distributions (Red Hat, SUSE, Ubuntu) have shipped patches reflecting widespread downstream exposure.

Buffer Overflow Dnsmasq
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH Act Now

Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated attackers to achieve arbitrary code execution with kernel privileges. The vulnerability stems from improper handling of shared fragment memory in DATA and RESPONSE packet processing, where the kernel fails to unshare externally-owned page fragments before in-place decryption operations. This creates a buffer overflow condition (CWE-787) exploitable by local users with low privileges. Patches are available for kernel versions 6.18.29, 7.0.6, and 7.1-rc3. EPSS and KEV status not provided in available data.

Memory Corruption Buffer Overflow Linux
NVD VulDB GitHub Exploit-DB
EPSS 0% CVSS 2.0
LOW POC Monitor

Heap-based buffer overflow in Squirrel up to version 3.2 within the SQFunctionProto::Load function allows local attackers to cause memory corruption with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists for this vulnerability, and the vulnerability exhibits low CVSS score (2.0) due to local-only attack vector and minimal scope, though the disclosure and POC availability increase practical risk for embedded and scripting environments using Squirrel.

Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in D-Link DCS-935L camera firmware versions up to 1.10.01 allows authenticated remote attackers to achieve complete system compromise via crafted AdminPassword parameter to the HNAP service. Public exploit code exists on GitHub (0xcc12138/DCS-935L-HNAP-Service-CVE), demonstrating weaponization of this vulnerability. CVSS 4.0 score of 7.4 with CVSS:4.0/E:P confirms proof-of-concept exploitation. While authentication is required (PR:L), the low attack complexity (AC:L) and network attack vector (AV:N) combined with publicly available exploit code make this a practical remote exploitation risk for devices exposed to untrusted networks or compromised accounts.

D-Link Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Stack-based buffer overflow in Squirrel up to version 3.2 within the validate_format function of sqstdlib/sqstdstring.cpp allows local authenticated attackers to corrupt stack memory, potentially achieving code execution or denial of service. Public exploit code is available, and the vulnerability has been reported to the project with no vendor response documented at time of analysis.

Stack Overflow Buffer Overflow Squirrel
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds heap read in XML::LibXML for Perl (all versions through 2.0210) allows remote attackers to trigger denial-of-service crashes by supplying XML node names with truncated UTF-8 sequences. The parser fails to validate multi-byte UTF-8 boundaries in node names, reading past allocated memory into adjacent heap regions. No public exploit identified at time of analysis, with EPSS score of 0.01% indicating very low observed exploitation probability. Vendor-released patch available via upstream commit 15652bd9.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in ipTIME A8004T router firmware 14.18.2 enables authenticated remote attackers to achieve complete system compromise via malformed WiFi configuration requests. The vulnerability exists in the formWifiBasicSet function's handling of the security_5g parameter. Public exploit code (GitHub POC) increases exploitation risk, though EPSS data and active exploitation status are not available. Vendor (EFM Networks) has not responded to disclosure or released a patch.

Stack Overflow Buffer Overflow Iptime A8004T
NVD VulDB GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Out-of-bounds read in PHP's mbstring extension allows remote attackers to trigger information disclosure or denial of service via specially crafted encoding names containing NUL bytes passed to mb_convert_encoding() and related functions. Affected versions: PHP 8.4.0-8.4.20 and 8.5.0-8.5.5. The vulnerability stems from unsafe string length comparison logic that misinterprets strncasecmp() return values when NUL bytes are present, potentially exposing global memory contents or crashing the application. No public exploit code identified at time of analysis.

PHP Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in OSGeo GDAL's Grid File Handler (GDSDfldsrch function in frmts/hdf4/hdf-eos/GDapi.c) affects versions up to 3.13.0dev-4, allowing authenticated local attackers to cause memory corruption through malformed HDF4 grid files. The vulnerability results from unsafe string manipulation that fails to validate metadata field list format before performing memory operations. Publicly available exploit code exists; vendor-released patch available in version 3.13.0RC1.

Buffer Overflow Gdal
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticated attackers to cause memory corruption through manipulation of malformed HDF4 files. The vulnerability stems from unsafe string manipulation that fails to validate metadata field list format before stripping quotes, enabling out-of-bounds writes. Affects GDAL up to version 3.13.0dev-4; patch available in version 3.13.0RC1. Publicly available exploit code exists.

Heap Overflow Buffer Overflow Gdal
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in Open5GS up to version 2.7.7 allows remote attackers to trigger information disclosure via manipulation of the ogs_sbi_client_send_via_scp_or_sepp function in lib/sbi/client.c during Service-Based Interface (SBI) communication. The vulnerability exploits improper bounds checking when extracting paths from URIs, affecting the Network Function (NF) component. CVSS 6.9 (network-accessible, low complexity, no privileges required) with availability impact. Upstream patch commit d5bc487fcf9ea87d2b03f2ef95123af344773bfb available.

Information Disclosure Buffer Overflow Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stack overflow in PgBouncer before 1.25.2 enables malicious PostgreSQL backend servers to trigger remote code execution via SCRAM authentication nonce manipulation. The flaw stems from incorrect strlcat() return value checking during SCRAM client-final-message construction. Remote unauthenticated exploitation is possible (CVSS 8.1, AV:N/PR:N) but requires high attack complexity - specifically, the attacker must control or compromise the backend PostgreSQL server PgBouncer connects to. No public exploit identified at time of analysis; EPSS and KEV data not available in this assessment.

Stack Overflow Buffer Overflow Pgbouncer
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Integer overflow in Rust crate smallbitvec allows heap buffer overflow through safe API calls when capacity values approach usize::MAX. The vulnerability affects versions 1.0.1 through 2.6.0 and enables memory corruption without requiring unsafe code blocks, violating Rust's memory safety guarantees. Publicly available exploit code exists with working proof-of-concept demonstrating ASAN-detectable heap corruption. CVSS 7.3 reflects local attack vector, but the vulnerability is notable because it breaks Rust's core safety model by achieving undefined behavior through safe APIs alone.

Heap Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Heap Overflow Buffer Overflow Vim
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Integer Overflow Buffer Overflow Grid
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stack out-of-bounds read in the Linux kernel's netfilter nft_set_pipapo subsystem allows local low-privileged attackers to read 4 bytes past the end of a stack-allocated rulemap array via pipapo_drop(). The flaw was confirmed by KASAN and affects kernels from 5.6 onward until the fixed stable releases. No public exploit identified at time of analysis, and EPSS is very low (0.02%, 7th percentile), but the CVSS 7.1 score reflects the potential for kernel memory disclosure and availability impact.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's netfilter nfnetlink_cthelper subsystem allows a local attacker with CAP_NET_ADMIN to trigger an 8-byte OOB read in nfnl_cthelper_dump_table() by racing helper deletion against a netlink dump operation. The flaw stems from a misplaced 'goto restart' that bypasses the for-loop bounds check when cb->args[0] equals nf_ct_helper_hsize, as detected by KASAN. EPSS is 0.02% and no public exploit identified at time of analysis, though a detailed reproducer call trace exists in the commit message.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's NVMe PCI driver (nvme_dbbuf_set) allows a local attacker to trigger a slab-out-of-bounds memory access during NVMe controller reset, potentially leading to denial of service or information disclosure. The flaw stems from an incorrect loop bound that iterates past dev->online_queues, reading from kmalloc-2k slab memory belonging to adjacent allocations. No public exploit identified at time of analysis, and the EPSS score of 0.02% reflects a low probability of opportunistic exploitation.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's USB CDC-WDM (Communication Device Class - Wireless Device Management) driver allows a local low-privileged attacker to disclose uninitialized kernel memory and potentially crash the host through a memory-ordering race between desc->length updates and a memmove() in the read path. The flaw stems from compiler reordering or CPU out-of-order execution that can cause wdm_read() to observe an updated length before the corresponding data is fully copied, leading copy_to_user() to operate on uninitialized memory. EPSS is very low (0.02%, 7th percentile), there is no public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Integer overflow in Linux kernel's libceph authentication handler enables remote memory corruption and potential system crash against unpatched systems. A malicious Ceph monitor can send a specially crafted CEPH_MSG_AUTH_REPLY message with payload_len exceeding INT_MAX, causing ceph_handle_auth_reply() to underflow a pointer and trigger out-of-bounds memory access. This allows remote unauthenticated attackers to potentially read sensitive kernel memory (high confidentiality impact) or crash the kernel (high availability impact) on systems using Ceph storage. CVSS 9.1 (Critical) reflects network attack vector with no authentication or user interaction required. EPSS score of 0.02% (7th percentile) suggests low observed exploitation likelihood. Vendor patches available for all affected kernel series (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0), but no active exploitation confirmed via CISA KEV.

Buffer Overflow Debian Linux +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds memory reads in Linux kernel's libceph messaging layer allow remote unauthenticated attackers to disclose kernel memory or trigger denial-of-service via malformed Ceph protocol frames. The vulnerability exists in process_message_header() when message frames are corrupted to make the control segment length smaller than the message header size, bypassing length validation. Vendor patches available for stable kernel versions 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, and mainline 7.0. EPSS score of 0.02% and no KEV listing suggest limited real-world exploitation observed despite network-accessible attack vector and unauthenticated access. Critical CVSS score of 9.1 reflects worst-case impact (high confidentiality and availability risk) if Ceph storage networking is exposed.

Buffer Overflow Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in the Linux kernel's staging rtl8723bs WiFi driver allows a local low-privileged attacker to crash the system via improper length validation in the rtw_get_ie_ex() information element parser. The flaw mirrors a previously patched issue in the sibling rtw_get_ie() parser (commit 154828bf9559) - the fix was not consistently applied to rtw_get_ie_ex(). With a CVSS score of 5.5, local access requirement, and EPSS of 0.02% (7th percentile), this is a low-urgency availability issue with no public exploit and no KEV listing. Patches have been released across all major active stable kernel branches.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's rtl8723bs staging Wi-Fi driver allows a local authenticated attacker to read memory beyond the WMM IE buffer and potentially crash the kernel. The flaw resides in rtw_restruct_wmm_ie(), which accesses in_ie[i+5] before validating that the index is within in_len. EPSS is 0.02% (7th percentile) and no public exploit identified at time of analysis, but a vendor-released patch is available across multiple stable branches.

Information Disclosure Buffer Overflow Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack buffer overflow in the Linux kernel's pmbus/q54sj108a2 hwmon driver allows local privileged users to corrupt kernel stack memory by reading from a specific debugfs entry. The flaw stems from a misuse of bin2hex() that writes 64 bytes of hex-encoded output into a 34-byte stack buffer, overflowing it by 30 bytes; no public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.03% (9th percentile).

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow in Linux kernel's i915 graphics driver corrupts memory mapping for DRM/GEM shmem objects larger than 4GB, causing kernel warnings, potential crashes, and incorrect memory access when Intel graphics hardware processes large buffer objects. The vulnerability manifests when scatterlist length fields overflow during folio page allocation, leading to premature termination of backing page iteration. Patch available across multiple stable kernel branches (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) per upstream commits. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Intel Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

In-place encryption in the Linux kernel's SMB client corrupts write payloads during retry attempts, potentially causing data integrity loss and denial of service when SMB connections experience transient failures. The flaw affects SMB3 encrypted writes where the encryption process modifies the original buffer in place; on replayable errors (like network interruptions), retries re-send already-encrypted data as if it were plaintext, resulting in double-encryption and corrupted writes. This particularly impacts special file operations (SFU mknod, MF symlinks) and sync writes on pre-6.10 kernels. Patches are available across multiple stable kernel branches (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). EPSS score is very low (0.01%), indicating minimal observed exploitation likelihood, and no active exploitation or public POC is documented.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Filesystem denial-of-service in the Linux kernel's btrfs subsystem allows a local low-privileged user to force a mounted btrfs filesystem into read-only mode by repeatedly snapshotting a received subvolume until the BTRFS_UUID_KEY_RECEIVED_SUBVOL B-tree leaf overflows its maximum item size, triggering a transaction abort in create_pending_snapshot(). Critically, the operations involved - snapshot, send, receive, and set_received_subvol - require only inode_owner_or_capable() rather than CAP_SYS_ADMIN, meaning unprivileged users owning subvolumes can mount this attack. No public exploit identified at time of analysis beyond the detailed reproducer script embedded in the advisory itself; EPSS at 0.02% (7th percentile) reflects low widespread automated exploitation probability, though multi-tenant environments face elevated practical risk.

Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via transaction abort in Linux kernel btrfs subsystem when a non-privileged subvolume owner repeatedly calls the set received ioctl with identical UUID values, causing filesystem to transition to read-only mode. The vulnerability exploits insufficient pre-flight validation that allows metadata updates to commence before detecting item overflow conditions, requiring only local access and subvolume ownership rather than root privileges. EPSS score of 0.02% indicates low exploitation probability despite CVSS 5.5 severity, suggesting practical exploitation barriers despite low privilege requirements.

Integer Overflow Buffer Overflow Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in the Linux kernel's CAAM crypto driver allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with elevated privileges. The vulnerability occurs when HMAC keys exceeding the algorithm's block size are processed - the driver allocates DMA-aligned memory but uses kmemdup() to copy only the actual key length, then reads beyond the source buffer boundary during hashing. EPSS score of 0.02% (5th percentile) indicates low predicted exploitation likelihood. Patches are available across multiple stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0) via upstream commits, with fixes applied since kernel 6.3 introduced the vulnerable code.

Buffer Overflow Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial of service in Linux kernel scheduler (6.12.78-6.19.12) allows low-privileged users to trigger system-wide instability via stress-ng-yield workloads. The flaw stems from incomplete vruntime tracking in commit b3d99f43c72b, where yield()-heavy tasks can leapfrog past tick updates and cause overflow conditions. EPSS exploitation probability is negligible (0.02%, 5th percentile), and vendor patches are available across all affected stable branches. No active exploitation or public POC identified at time of analysis.

Buffer Overflow Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer overflow in CROSS crypto_sign_open() function allows remote attackers to corrupt memory via malformed signature input due to integer underflow in message length validation. The vulnerability affects the reference implementation prior to commit fc6b7e7, enabling potential code execution or denial of service when processing untrusted signatures. The flaw exists in the core cryptographic signing operation with no authentication required, making it exploitable in any system integrating this algorithm for signature verification.

Stack Overflow Buffer Overflow Cross Implementation
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/28. ck_archive() doesn't check for Windows absolute paths in ZIPs (Alan Coopersmith <alan.coopersmith@...cle.com>) Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction (Xen.org security team <security@....org>) Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command (Xen.org security team <security@....org>) Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file (Xen.org security team <security@....org>) Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table

Microsoft Buffer Overflow Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/28. dvisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command (Xen.org security team <security@....org>) Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file (Xen.org security team <security@....org>) Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping (Xen.org security team <security@....org>) Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver (Xen.org security team <security@....org>) Coordinated Disclosure in the LLM Age (Jeremy Stanley <fungi@...goth.org

Buffer Overflow Linux Race Condition +1
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Connection reuse logic in curl ignores TLS requirements, causing sensitive data to be transmitted in cleartext over channels that should be TLS-encrypted. When curl's connection pool reuses an existing non-encrypted connection to fulfill a subsequent HTTPS request, credentials, tokens, or request payloads may traverse the network without encryption. Affects curl versions 7.20.0 through 8.19.0 (cpe:2.3:a:haxx:curl); no public exploit is identified at time of analysis, SSVC confirms exploitation: none, and EPSS stands at 0.01% (2nd percentile).

Buffer Overflow Curl
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog indicating no confirmed widespread active exploitation at this time.

Stack Overflow Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Totolink X5000R 9.1.0u.6369_B20230113 router firmware allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted submit-url parameter to /boafrm/formDdns endpoint. Public exploit code exists (GitHub). CVSS 7.4 indicates high severity but requires authenticated access (PR:L), limiting immediate risk to environments where router credentials are compromised. EPSS data not available; prioritize if router exposed to internet or untrusted networks.

Buffer Overflow X5000R
NVD VulDB GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds read in ASUS System Control Interface IOCTL handler allows local authenticated users to trigger denial of service via oversized read operations. A local user with limited privileges can supply a read size exceeding the allocated buffer, causing a system crash (BSOD). No public exploit code or active exploitation has been confirmed at this time.

Information Disclosure Buffer Overflow Asus System Control Interface
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Stack buffer overflow in kosma minmea 0.3.0 allows remote unauthenticated attackers to cause denial of service through crafted NMEA field data. The minmea_scan function's format specifier copies data to caller-provided buffers without size validation, enabling memory corruption when processing untrusted NMEA GPS sentences. CVSS 7.5 (High) with network attack vector and low complexity, though impact is currently limited to availability (DoS). Public exploit demonstration exists via GitHub Gist reference. EPSS data not available, not listed in CISA KEV at time of analysis.

Stack Overflow Buffer Overflow
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service RCE +1
NVD VulDB
EPSS 2% CVSS 7.8
HIGH This Week

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service RCE +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Stack-based buffer overflow in nanoMODBUS v1.22.0 and earlier allows malicious Modbus TCP servers to execute arbitrary code on clients via oversized responses. When client applications call nmbs_read_holding_registers() or nmbs_read_input_registers(), the library fails to validate byte_count before writing server data to the caller's buffer, enabling up to 248 bytes of controlled overflow. No active exploitation confirmed (not in CISA KEV), but proof-of-concept code is publicly available and the vulnerability is automatable (SSVC) with network attack vector (CVSS AV:N/AC:L/PR:N). EPSS data not provided, but the combination of public POC, low complexity, and RCE potential warrants immediate attention for systems using nanoMODBUS as a client.

Stack Overflow RCE Buffer Overflow
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Heap buffer overflow in rust-openssl's AES key-wrap-with-padding cipher functions allows attackers to write up to 7 bytes past allocated buffer boundaries when processing non-multiple-of-8 plaintext inputs, enabling attacker-controlled heap corruption. Affected versions 0.10.0 through 0.10.78 are vulnerable when CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, or symm::Crypter::update are used with EVP_aes_128/192/256_wrap_pad ciphers.

Heap Overflow OpenSSL Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Go toolchain's 'go tool pack' subcommand fails to sanitize output filenames when extracting archive files, allowing local attackers with user privileges and user interaction to write files to arbitrary filesystem locations. Affected versions include Go 1.26.0 through 1.26.2 and all versions before 1.25.10. This vulnerability requires local access and user interaction to trigger, with a vendor-released patch available.

Buffer Overflow Memory Corruption Cmd Go
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when processing malformed HDF4 files. A locally authenticated attacker can trigger memory disclosure by crafting a specially formatted HDF4 file. Publicly available exploit code exists. The vulnerability is fixed in GDAL 3.13.0RC1 and later.

Information Disclosure Buffer Overflow Gdal
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in OSGeo GDAL up to version 3.13.0dev-4 allows local authenticated attackers to corrupt memory and potentially execute arbitrary code via a specially crafted DataFieldName argument passed to the GDnentries function in the HDF-EOS module. The vulnerability affects string length calculation when processing quoted field names, publicly available exploit code exists, and vendor patch is available in version 3.13.0RC1.

Heap Overflow Buffer Overflow Gdal
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stack overflow in ParquetSharp versions 18.1.0 through 23.0.0.0 allows remote unauthenticated attackers to cause denial of service by supplying a maliciously crafted Parquet file with a decimal column declaring an unreasonably large width, triggering unbounded stack allocation in the DecimalConverter.ReadDecimal method. This impacts network services that parse untrusted Parquet files. The vulnerability has been patched in version 23.0.0.1.

Apache Buffer Overflow
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows local authenticated attackers to cause memory corruption via crafted DimensionName arguments. The vulnerability requires local access and authenticated privileges but can be exploited with publicly available proof-of-concept code. CVSS score of 1.9 reflects limited confidentiality, integrity, and availability impact despite the buffer overflow nature, indicating the vulnerability has constrained real-world severity despite its technical classification.

Heap Overflow Buffer Overflow Gdal
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malformed HDF4 files, allowing local authenticated attackers to read memory beyond buffer bounds. The vulnerability exists in the memmove operation within SWapi.c and GDapi.c that processes field information without proper bounds validation. Vendor-released patch available in version 3.13.0RC1; publicly available exploit code exists.

Information Disclosure Buffer Overflow Gdal
NVD VulDB GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A buffer over-read vulnerability in PHP 8.2 prior to version 8.2.31 allows remote attackers to disclose sensitive information through a network vector with high attack complexity and partial attack time requirements. The vulnerability (CWE-125) affects information availability and system availability, with CVSS 6.3 indicating moderate risk. Vendor-released patch available in PHP 8.2.31.

Microsoft Information Disclosure Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

PHP 8.2.31 addresses a buffer overflow vulnerability (CVE-2026-7568) affecting PHP 8.2.x versions that results in information disclosure through out-of-bounds memory reads. The vulnerability requires specific attack preconditions (CVSS AC:H/AT:P) and unauthenticated remote access; exploitation impact is limited to partial disclosure of memory contents. No public exploit code or active exploitation has been identified at the time of analysis.

Microsoft Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Multiple memory corruption vulnerabilities in Firefox 150.0.1 enable potential remote code execution through memory safety flaws in the browser engine. Mozilla's advisory references 10 distinct bugs demonstrating memory corruption, which with sufficient exploitation effort could allow arbitrary code execution. Firefox 150.0.2 addresses these vulnerabilities. CVSS rates this 7.5 High (network-exploitable, no authentication required), though the vector indicates only availability impact, contradicting the RCE assessment in Mozilla's advisory. SSVC framework confirms no active exploitation and partial technical impact.

Mozilla RCE Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Multiple memory corruption vulnerabilities in Mozilla Firefox allow remote code execution through browser rendering engine flaws. Firefox ESR 115.35.1, Firefox ESR 140.10.1, and Firefox 150.0.1 contain memory safety bugs with evidence of memory corruption that could enable arbitrary code execution. Fixed versions are available (Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2). EPSS score of 0.01% indicates very low exploitation probability in the wild, and SSVC framework shows no confirmed exploitation and non-automatable attacks. Despite high CVSS 8.1, real-world exploitation requires significant complexity (AC:H), reducing immediate risk for most environments.

Mozilla Information Disclosure RCE +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis.

Zte Denial Of Service Buffer Overflow
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds write in LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7 allows local attackers to cause memory corruption and availability impact by opening crafted OOXML documents with mismatched encryption salt parameters. The vulnerability requires user interaction to open a malicious document and affects memory integrity with elevated scope impact on availability.

Memory Corruption Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

DLL hijacking in ZTE Cloud PC client uSmartView allows unauthenticated local attackers to achieve arbitrary code execution and privilege escalation by planting a malicious DLL that is loaded by uSmartViewServiceAgent.exe running with SYSTEM privileges. The vulnerability requires local access but no authentication and affects multiple ZXCloud IRAI product versions. No public exploit code or active exploitation has been confirmed at this time.

Zte Privilege Escalation RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in OpenEXR 3.0.0-3.4.10 allows remote attackers to trigger information disclosure and denial of service by sending malformed EXR image files containing manipulated prefix-compressed strings in IDManifest structures. The vulnerability bypasses bounds checking when reconstructing strings longer than 255 bytes, reading memory outside allocated buffers. EPSS data not available; no public exploit confirmed at time of analysis. Patches released in versions 3.2.9, 3.3.11, and 3.4.11.

Information Disclosure Buffer Overflow Openexr
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in OpenEXR ImageChannel::resize function enables heap buffer overflow through crafted EXR files processed via the OpenEXRUtil public API. Affects OpenEXR versions 3.0.0-3.2.8, 3.3.0-3.3.10, and 3.4.0-3.4.10 from the Academy Software Foundation's motion picture image format library. Vendor-released patches in versions 3.2.9, 3.3.11, and 3.4.11 add overflow validation before pixel buffer allocation. CVSS 8.8 with network vector but requires user interaction (opening malicious file). No public exploit or active exploitation identified at time of analysis.

Integer Overflow Buffer Overflow Openexr
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Out-of-bounds read by one byte in Tor before version 0.4.9.7 when processing malformed BEGIN cells allows remote unauthenticated attackers to cause a denial of service through information disclosure. The vulnerability has a low CVSS impact score (3.7) due to high attack complexity and limited availability impact, though the exact exploitation mechanics require Tor relay configuration and a specially crafted cell.

Buffer Overflow Tor
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Arbitrary memory writes via USB in ZTE ZX297520V3 BootROM allow physical attackers with USB access to bypass Secure Boot signature verification and achieve unauthorized code execution by exploiting missing target address validation in USB download mode. The vulnerability requires physical device access and user interaction (device boot into download mode), resulting in a CVSS score of 5.1, but enables complete bypass of cryptographic security mechanisms and Secure Boot protections.

Zte Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Out-of-bounds read in Tor before version 0.4.9.7 occurs when END, TRUNCATE, or TRUNCATED cells lack a reason field in their payload, allowing remote unauthenticated attackers to trigger a denial of service condition. The vulnerability requires high attack complexity and results in availability impact only. CVSS score is 3.7 with no active exploitation (KEV) or public exploit code confirmed at time of analysis.

Buffer Overflow Tor
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Man-in-the-middle attacks and denial of service against SUSE Harvester (SUSE Virtualization) affect all versions prior to 1.8.0 due to disabled TLS certificate verification in the Rancher integration registration client. Network-positioned attackers can intercept cluster registration traffic to steal credentials or trigger memory buffer overflow crashes. The vulnerability is limited to the initial cluster registration phase and does not affect ongoing operational connectivity between Harvester and Rancher Manager. Vendor-released patch available in version 1.8.0 with full certificate validation enabled by default. No active exploitation confirmed; no public exploit code identified at time of analysis.

Denial Of Service Buffer Overflow Suse
NVD GitHub
EPSS 15% 5.3 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Palo Alto Networks PAN-OS User-ID Authentication Portal (Captive Portal) allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via specially crafted packets. CISA KEV confirms active exploitation in the wild with publicly available exploit code. EPSS risk assessment is not provided, but the vulnerability achieves maximum impact with minimal attack complexity (CVSS 9.3, AV:N/AC:L/PR:N), making this a critical priority for immediate remediation. The attack surface is significantly reduced when access to the portal is restricted to trusted internal networks per vendor best practices.

Paloalto Memory Corruption Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds read vulnerability in the AdFilter component. Attackers can execute arbitrary code by delivering a specially crafted HTML page, requiring only that a user visit the malicious page. Chrome has released version 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability's network-based attack vector and low complexity make it a realistic exploitation target once technical details become public.

Google Information Disclosure RCE +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in Chrome's codec implementation allows remote attackers to extract potentially sensitive data from process memory by delivering a malicious media file. Affects Chrome versions prior to 148.0.7778.96. The vulnerability requires user interaction (opening or playing a crafted file) but operates over the network. Google rated this as Medium severity within the Chromium security framework.

Google Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in Chrome's Network component prior to version 148.0.7778.96 allows remote attackers to bypass same-origin policy after compromising the renderer process via a crafted HTML page. The vulnerability requires renderer compromise and user interaction, limiting real-world risk despite network-accessible attack surface. No active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Media component on macOS and iOS versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser sandbox by exploiting an out-of-bounds write vulnerability. Attack requires the compromised renderer process prerequisite plus user interaction with a malicious HTML page. CVSS rates this 8.8 (High) due to network attack vector and no authentication required, though exploitation remains constrained by the sandbox boundary and requires initial renderer compromise. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds write in the WebRTC component. Attackers can achieve arbitrary code execution by convincing users to visit a specially crafted HTML page, though execution remains confined to Chrome's sandbox. EPSS data not available for this recent CVE (May 2026). Vendor-released patch version 148.0.7778.96 addresses the vulnerability with Chromium security severity rated Medium despite 8.8 CVSS score.

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read and write in the GFX component of Google Chrome prior to version 148.0.7778.96 allows remote attackers to perform arbitrary memory read and write operations through malicious network traffic. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but does not require authentication. Chromium rated the security severity as Medium; CVSS 5.4 reflects moderate impact (confidentiality and integrity compromise without availability loss). No active exploitation confirmed in CISA KEV at time of analysis.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Out-of-bounds read in Skia graphics library within Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to leak cross-origin data through a crafted Chrome Extension. The vulnerability requires user interaction and relies on renderer compromise, limiting real-world exploitation despite the information disclosure impact. Chromium classified this as Medium severity; no active exploitation has been publicly confirmed.

Google Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds memory read in Google Chrome's V8 JavaScript engine allows remote attackers to disclose sensitive information via a crafted HTML page. Affects Chrome versions prior to 148.0.7778.96. The vulnerability requires user interaction (opening a malicious page) but operates over the network with no authentication required. While classified as medium severity by Chromium, the impact is limited to information disclosure without code execution capability.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
Prev Page 22 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36137

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy