Total: 8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65396 | 1 Blurams | 2 Dome Flare, Dome Flare Firmware | 2026-02-03 | N/A | 6.1 MEDIUM |
|
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.
|
|||||
| CVE-2025-71001 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 6.5 MEDIUM |
|
A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2025-71004 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 6.5 MEDIUM |
|
A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2026-24852 | 1 Color | 1 Iccdev | 2026-02-03 | N/A | 6.1 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen() function attempts to read a non-null-terminated buffer, potentially leaking heap memory contents and causing application termination. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable inpu ...
|
|||||
| CVE-2026-20973 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.3 MEDIUM |
|
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
|
|||||
| CVE-2025-46316 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-01-30 | N/A | 4.3 MEDIUM |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pages 15.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory.
|
|||||
| CVE-2025-46306 | 1 Apple | 4 Ipados, Iphone Os, Keynote and 1 more | 2026-01-30 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.
|
|||||
| CVE-2025-32460 | 1 Graphicsmagick | 1 Graphicsmagick | 2026-01-29 | N/A | 4.0 MEDIUM |
|
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
|
|||||
| CVE-2026-0899 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-01-29 | N/A | 8.8 HIGH |
|
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2026-24873 | | | 2026-01-29 | N/A | 7.8 HIGH |
|
Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita. This issue affects lpp-vita: before lpp-vita r6.
|
|||||
| CVE-2023-21477 | 1 Samsung | 1 Android | 2026-01-28 | N/A | 7.9 HIGH |
|
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
|
|||||
| CVE-2025-39943 | 1 Linux | 1 Linux Kernel | 2026-01-27 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
If data_offset and data_length of smb_direct_data_transfer struct are
invalid, out of bounds issue could happen.
This patch validates the data_offset and data_length fields in recv_done.
|
|||||
| CVE-2025-46819 | 1 Redis | 1 Redis | 2026-01-27 | N/A | 6.3 MEDIUM |
|
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server, causing a subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround that does not require patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a scri ...
|
|||||
| CVE-2022-50490 | 1 Linux | 1 Linux Kernel | 2026-01-27 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Propagate error from htab_lock_bucket() to userspace
In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns
-EBUSY, it will go to next bucket. Going to next bucket may not only
skip the elements in current bucket silently, but also incur
out-of-bound memory access or expose kernel memory to userspace if
current bucket_cnt is greater than bucket_size or zero.
Fixing it by stopping batch operation and return ...
|
|||||
| CVE-2025-38715 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-27 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix slab-out-of-bounds in hfs_bnode_read()
This patch introduces is_bnode_offset_valid() method that checks
the requested offset value. Also, it introduces
check_and_correct_requested_length() method that checks and
correct the requested length (if it is necessary). These methods
are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(),
hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent
the access o ...
|
|||||
| CVE-2025-38713 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-27 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
The hfsplus_readdir() method is capable to crash by calling
hfsplus_uni2asc():
[ 667.121659][ T9805] ==================================================================
[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10
[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805
[ 667.124578][ T9805]
[ 667.12487 ...
|
|||||
| CVE-2026-24820 | | | 2026-01-27 | N/A | N/A |
|
Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C.
This issue affects WickedEngine: before 0.71.705.
|
|||||
| CVE-2025-41728 | | | 2026-01-27 | N/A | 5.3 MEDIUM |
|
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
|
|||||
| CVE-2026-24821 | | | 2026-01-27 | N/A | N/A |
|
Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C.
This issue affects WickedEngine: through 0.71.727.
|
|||||
| CVE-2026-24826 | | | 2026-01-27 | N/A | N/A |
|
Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d. This issue affects .
|
|||||
| CVE-2026-24818 | | | 2026-01-27 | N/A | N/A |
|
Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C.
This issue affects UEVR: before 1.05.
|
|||||
| CVE-2026-24796 | | | 2026-01-27 | N/A | N/A |
|
Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C.
This issue affects CloverBootloader: before 5162.
|
|||||
| CVE-2023-53521 | 1 Linux | 1 Linux Kernel | 2026-01-26 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
A fix for:
BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses]
Read of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013
When edev->components is zero, accessing edev->component[0] members is
wrong.
|
|||||
| CVE-2025-21598 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-26 | N/A | 7.5 HIGH |
|
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd.
This issue affects:
Junos OS:
* from 21.2R3-S8 before 21.2R3-S9,
* from 21.4R3-S7 before 21.4R3-S9,
* from 22.2R3-S4 before 22.2R3-S5,
* from 22.3R3-S2 before 22.3R3-S4,
* from 22.4R3 before 22.4R3-S ...
|
|||||
| CVE-2025-21600 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-26 | N/A | 6.5 MEDIUM |
|
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in either of two ways:
...
|
|||||
| CVE-2021-3610 | 3 Fedoraproject, Imagemagick, Redhat | 3 Fedora, Imagemagick, Enterprise Linux | 2026-01-26 | 5.0 MEDIUM | 7.5 HIGH |
|
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
|
|||||
| CVE-2020-15473 | 1 Ntop | 1 Ndpi | 2026-01-26 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
|
|||||
| CVE-2020-15471 | 1 Ntop | 1 Ndpi | 2026-01-26 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
|
|||||
| CVE-2025-51602 | | | 2026-01-26 | N/A | 4.8 MEDIUM |
|
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
|
|||||
| CVE-2022-50478 | 1 Linux | 1 Linux Kernel | 2026-01-23 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount
time".
The first patch fixes a bug reported by syzbot, and the second one fixes
the remaining bug of the same kind. Although they are triggered by the
same super block data anomaly, I divided it into the above two because the
details of the issues and how to fix it are different.
Both are ...
|
|||||
| CVE-2024-39516 | 1 Juniper | 2 Junos, Junos Os Evolved | 2026-01-23 | N/A | 7.5 HIGH |
|
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in either of two ways:
* sy ...
|
|||||
| CVE-2025-70298 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 8.2 HIGH |
|
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
|
|||||
| CVE-2025-70308 | 1 Gpac | 1 Gpac | 2026-01-23 | N/A | 7.5 HIGH |
|
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
|
|||||
| CVE-2024-30401 | 1 Juniper | 16 Ex9200-15c, Junos, Lc9600 and 13 more | 2026-01-23 | N/A | 5.9 MEDIUM |
|
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC.
Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow.
This issue affects Junos OS on MX Series ...
|
|||||
| CVE-2025-37178 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-37179 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-39760 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-23 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: core: config: Prevent OOB read in SS endpoint companion parsing
usb_parse_ss_endpoint_companion() checks descriptor type before length,
enabling a potentially odd read outside of the buffer size.
Fix this up by checking the size first before looking at any of the
fields in the descriptor.
|
|||||
| CVE-2024-36883 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-22 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net: fix out-of-bounds access in ops_init
net_alloc_generic is called by net_alloc, which is called without any
locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It
is read twice, first to allocate an array, then to set s.len, which is
later used to limit the bounds of the array access.
It is possible that the array is allocated and another thread is
registering a new pernet ops, increments max_gen_ptrs ...
|
|||||
| CVE-2024-36916 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-22 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: avoid out of bounds shift
UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.
[ 186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: sw ...
|
|||||
| CVE-2022-50497 | 1 Linux | 1 Linux Kernel | 2026-01-22 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
binfmt_misc: fix shift-out-of-bounds in check_special_flags
UBSAN reported a shift-out-of-bounds warning:
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
ubsan_epilogue+0xa/0x44 lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds+0x1e7/0x208 lib/ubsan.c:322
check_special_flags fs/binfmt_misc ...
|
|||||