Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20828

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Jan, 2026 | 17:56
Updated At-13 Feb, 2026 | 20:40
Rejected At-
Credits

Windows rndismp6.sys Information Disclosure Vulnerability

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Jan, 2026 | 17:56
Updated At:13 Feb, 2026 | 20:40
Rejected At:
â–¼CVE Numbering Authority (CNA)
Windows rndismp6.sys Information Disclosure Vulnerability

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.8783 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8276 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19044.0 before 10.0.19044.6809 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 22H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19045.0 before 10.0.19045.6809 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 22H3
Platforms
  • ARM64-based Systems
Versions
Affected
  • From 10.0.22631.0 before 10.0.22631.6491 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 23H2
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.22631.0 before 10.0.22631.6491 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 24H2
Platforms
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.7623 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 25H2
Versions
Affected
  • From 10.0.26200.0 before 10.0.26200.7623 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.28117 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.28117 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.23717 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.23717 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.25868 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.25868 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.22968 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.22968 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.8783 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.8783 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8276 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8276 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.4648 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022, 23H2 Edition (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.25398.0 before 10.0.25398.2092 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32230 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32230 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Jan, 2026 | 18:16
Updated At:15 Jan, 2026 | 13:08

Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>windows_10_1607>>Versions before 10.0.14393.8783(exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1607>>Versions before 10.0.14393.8783(exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_1809>>Versions before 10.0.17763.8276(exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1809>>Versions before 10.0.17763.8276(exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>Versions before 10.0.19044.6809(exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>Versions before 10.0.19045.6809(exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_23h2>>Versions before 10.0.22631.6491(exclusive)
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_24h2>>Versions before 10.0.26100.7623(exclusive)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_11_25h2>>Versions before 10.0.26200.7623(exclusive)
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>Versions before 10.0.14393.8783(exclusive)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>Versions before 10.0.17763.8276(exclusive)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>Versions before 10.0.20348.4648(exclusive)
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022_23h2>>Versions before 10.0.25398.2092(exclusive)
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2025>>Versions before 10.0.26100.32230(exclusive)
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysecure@microsoft.com
CWE ID: CWE-125
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20828
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1429Records found
CVE-2025-54214
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:55
Updated-13 Aug, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5419
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.57% / 81.16%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 23:36
Updated-24 Oct, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-26||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChromeChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44358
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.07%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-02 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21971: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54233
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 22:17
Updated-14 Aug, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Framemaker | Out-of-bounds Read (CWE-125)

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-framemakerwindowsAdobe Framemaker
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54902
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.12%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:00
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsoffice_long_term_servicing_channeloffice_online_serverofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-416
Use After Free
CVE-2016-5198
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-77.91% / 98.98%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-22 Oct, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Microsoft CorporationApple Inc.Google LLC
Product-enterprise_linux_serverwindowslinux_kernelenterprise_linux_desktopenterprise_linux_workstationmacosandroidchromeGoogle Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and MacChromium V8
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44334
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.23%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 14:27
Updated-18 Dec, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability VI.

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshopmacosPhotoshop Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54227
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-13 Aug, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54239
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.27%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 20:49
Updated-12 Sep, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-after_effectsmacoswindowsAfter Effects
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54898
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.12%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:00
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channelexcel365_appsoffice_online_serverMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54240
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.27%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 20:49
Updated-12 Sep, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-after_effectsmacoswindowsAfter Effects
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54241
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.27%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 20:49
Updated-12 Sep, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-after_effectsmacoswindowsAfter Effects
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.59% / 68.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 06:49
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-foxit_readerphantompdfwindowsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54097
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.13%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:00
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2016windows_server_2019windows_server_2008windows_server_2012windows_server_2025windows_server_2022_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54096
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.13%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:00
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2016windows_server_2019windows_server_2008windows_server_2012windows_server_2025windows_server_2022_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54269
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.25%
||
7 Day CHG+0.01%
Published-15 Oct, 2025 | 00:18
Updated-17 Oct, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Animate | Out-of-bounds Read (CWE-125)

Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosanimatewindowsAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-25772
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-28 Sep, 2020 | 23:30
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54238
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.51%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 22:33
Updated-14 Aug, 2025 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Out-of-bounds Read (CWE-125)

Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-dimensionmacoswindowsDimension
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-53805
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.82%
||
7 Day CHG+0.02%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP.sys Denial of Service Vulnerability

Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2025windows_server_2022_23h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5098
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.57% / 68.06%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 17:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.VMware (Broadcom Inc.)Microsoft Corporation
Product-workstationradeon_rx_550_firmwareradeon_550_firmwareradeon_rx_550radeon_550windows_10AMD ATI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-53806
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.13%
||
7 Day CHG+0.01%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2016windows_server_2019windows_server_2008windows_server_2012windows_server_2025windows_server_2022_23h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read
CVE-2019-3634
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 13.79%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 15:17
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in DLP Endpoint for Windows

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointData Loss Prevention (DLPe) for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-3033
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.58% / 81.23%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5007
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 23:00
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readern/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-49681
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.40%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022_23h2windows_server_2019windows_server_2022windows_server_2016windows_server_2008windows_server_2025Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-49671
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022_23h2windows_server_2019windows_server_2022windows_server_2016windows_server_2008windows_server_2025Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-50163
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.94%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2019windows_server_2022_23h2windows_server_2022windows_server_2016windows_server_2025windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-50152
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.71%
||
7 Day CHG+0.04%
Published-14 Oct, 2025 | 17:00
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 25H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-49657
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022_23h2windows_server_2019windows_server_2022windows_server_2016windows_server_2008windows_server_2025Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-49689
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-49525
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:01
Updated-10 Jul, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Read (CWE-125)

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-24558
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.45%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 18:55
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationTrend Micro Incorporated
Product-worry-free_business_security_servicesworry-free_business_securityapex_onewindowsmacosTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-48002
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47978
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.34%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Denial of Service Vulnerability

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_server_2022Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-48816
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HID Class Driver Elevation of Privilege Vulnerability

Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-47996
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows MBT Transport Driver Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2023-38240
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-27 Feb, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21245: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38237
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-27 Feb, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21244: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38236
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.15%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21247: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47135
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 17:29
Updated-11 Jul, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Out-of-bounds Read (CWE-125)

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-dimensionmacoswindowsDimension
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38105
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.47% / 63.94%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-12 Aug, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21017.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38232
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.96%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-27 Feb, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21357: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38116
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.31% / 54.08%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-12 Aug, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21292.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38217
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.34%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:40
Updated-27 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21403: Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38119
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.08% / 83.65%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-12 Aug, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of signature fields. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21326.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38110
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.31% / 54.08%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-12 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21023.

Action-Not Available
Vendor-Apple Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readermacospdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38244
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-27 Feb, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21371: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38247
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-27 Feb, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21449: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38106
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.47% / 63.94%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:59
Updated-12 Aug, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21018.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38235
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.48%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 13:17
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21356: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 28
  • 29
  • Next
Details not found