Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-8086

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-07 May, 2026 | 18:45
Updated At-07 May, 2026 | 19:53
Rejected At-
Credits

OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:07 May, 2026 | 18:45
Updated At:07 May, 2026 | 19:53
Rejected At:
â–¼CVE Numbering Authority (CNA)
OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

Affected Products
Vendor
OSGeo
Product
gdal
CPEs
  • cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
Versions
Affected
  • 3.13.0dev-4
Unaffected
  • 3.12.4RC1
Problem Types
TypeCWE IDDescription
CWECWE-122Heap-based Buffer Overflow
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-122
Description: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
biniam (VulDB User)
Timeline
EventDate
Advisory disclosed2026-05-07 00:00:00
VulDB entry created2026-05-07 02:00:00
VulDB entry last update2026-05-07 14:39:32
Event: Advisory disclosed
Date: 2026-05-07 00:00:00
Event: VulDB entry created
Date: 2026-05-07 02:00:00
Event: VulDB entry last update
Date: 2026-05-07 14:39:32
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/361839
vdb-entry
technical-description
https://vuldb.com/vuln/361839/cti
signature
permissions-required
https://vuldb.com/submit/808038
third-party-advisory
https://github.com/OSGeo/gdal/issues/14356
issue-tracking
https://github.com/OSGeo/gdal/pull/14361
issue-tracking
patch
https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
exploit
https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
patch
https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
patch
https://github.com/OSGeo/gdal/
product
Hyperlink: https://vuldb.com/vuln/361839
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/361839/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/808038
Resource:
third-party-advisory
Hyperlink: https://github.com/OSGeo/gdal/issues/14356
Resource:
issue-tracking
Hyperlink: https://github.com/OSGeo/gdal/pull/14361
Resource:
issue-tracking
patch
Hyperlink: https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
Resource:
exploit
Hyperlink: https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
Resource:
patch
Hyperlink: https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
Resource:
patch
Hyperlink: https://github.com/OSGeo/gdal/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/submit/808038
exploit
https://github.com/OSGeo/gdal/issues/14356
exploit
Hyperlink: https://vuldb.com/submit/808038
Resource:
exploit
Hyperlink: https://github.com/OSGeo/gdal/issues/14356
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:07 May, 2026 | 19:16
Updated At:08 May, 2026 | 19:04

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.01.9LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary2.04.3MEDIUM
AV:L/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 1.9
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
osgeo
osgeo
>>gdal>>Versions up to 3.12.4(inclusive)
cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
osgeo
osgeo
>>gdal>>3.13.0
cpe:2.3:a:osgeo:gdal:3.13.0:beta1:*:*:*:*:*:*
osgeo
osgeo
>>gdal>>3.13.0
cpe:2.3:a:osgeo:gdal:3.13.0:beta2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondarycna@vuldb.com
CWE-122Secondarycna@vuldb.com
CWE ID: CWE-119
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-122
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/OSGeo/gdal/cna@vuldb.com
Product
https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636cna@vuldb.com
Patch
https://github.com/OSGeo/gdal/issues/14356cna@vuldb.com
Exploit
Issue Tracking
Patch
Vendor Advisory
https://github.com/OSGeo/gdal/pull/14361cna@vuldb.com
Issue Tracking
Patch
https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1cna@vuldb.com
Release Notes
https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bofcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/submit/808038cna@vuldb.com
Exploit
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/361839cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/361839/cticna@vuldb.com
Permissions Required
VDB Entry
https://github.com/OSGeo/gdal/issues/14356134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Patch
Vendor Advisory
https://vuldb.com/submit/808038134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/OSGeo/gdal/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
Source: cna@vuldb.com
Resource:
Patch
Hyperlink: https://github.com/OSGeo/gdal/issues/14356
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://github.com/OSGeo/gdal/pull/14361
Source: cna@vuldb.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
Source: cna@vuldb.com
Resource:
Release Notes
Hyperlink: https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/submit/808038
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/vuln/361839
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/vuln/361839/cti
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://github.com/OSGeo/gdal/issues/14356
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://vuldb.com/submit/808038
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

633Records found
CVE-2026-8213
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 17.09%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 23:00
Updated-19 May, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.

Action-Not Available
Vendor-osgeoOSGeo
Product-gdalgdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-8087
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 12.75%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:00
Updated-08 May, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSGeo gdal GDapi.c GDnentries heap-based overflow

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.

Action-Not Available
Vendor-osgeoOSGeo
Product-gdalgdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-8212
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.53%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 22:30
Updated-19 May, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

Action-Not Available
Vendor-osgeoOSGeo
Product-gdalgdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-25050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 26.83%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:46
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

Action-Not Available
Vendor-osgeon/a
Product-gdaln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-49014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.10% / 1.16%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 01:39
Updated-04 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.

Action-Not Available
Vendor-osgeoGDAL
Product-gdalGDAL
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2009-2281
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.95% / 92.33%
||
7 Day CHG~0.00%
Published-23 Oct, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1176
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.09% / 89.41%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0839
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.01% / 94.60%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8088
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 15.65%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:30
Updated-08 May, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSGeo gdal GDapi.c GDfieldinfo out-of-bounds

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.

Action-Not Available
Vendor-osgeoOSGeo
Product-gdalgdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-4738
Matching Score-6
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-6
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-9.4||CRITICAL
EPSS-0.28% / 19.32%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 03:18
Updated-24 Mar, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.

Action-Not Available
Vendor-OSGeo
Product-gdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-8084
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 17.73%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 18:30
Updated-08 May, 2026 | 22:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

Action-Not Available
Vendor-osgeoOSGeo
Product-gdalgdal
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-2704
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.22% / 91.44%
||
7 Day CHG~0.00%
Published-01 Aug, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2539
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.32% / 23.88%
||
7 Day CHG~0.00%
Published-02 Aug, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5522
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.76% / 90.75%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

Action-Not Available
Vendor-osgeon/aDebian GNU/Linux
Product-debian_linuxmapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0840
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.28% / 91.51%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1177
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.87% / 84.97%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.

Action-Not Available
Vendor-osgeoumnn/a
Product-mapservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 39.53%
||
7 Day CHG~0.00%
Published-11 Sep, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-xorg-servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-27815
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.78% / 51.27%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 12:18
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-h300eh500sh300s_firmwareh410c_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareaff_a250h700eh410ch700e_firmwarefas500f_firmwareh700saff_a250_firmwarefas500fLinux Kernel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27006
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.67% / 47.27%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28225
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.45% / 35.71%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTLM Elevation of Privilege Vulnerability

Windows NTLM Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 20H2Windows 11 version 22H2Windows 10 Version 1507Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2020-27003
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.72% / 49.34%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-31031
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.19% / 9.28%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-09 Oct, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27285
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.24% / 14.29%
||
7 Day CHG~0.00%
Published-04 Jun, 2023 | 23:52
Updated-08 Jan, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera buffer overflow

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_cargoaspera_connectAspera ConnectAspera Cargo
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0302
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.48%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_4150firepower_4140ucs_6120xpucs_6140xpnx-osfirepower_9300_security_applianceucs_6296upucs_6324firepower_4110firepower_4120ucs_6248upfirepower_extensible_operating_systemucs_6332Cisco FXOS Software and UCS Fabric Interconnect unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-64680
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:56
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_server_2022windows_11_22h2windows_10_21h2windows_server_2025windows_10_1809windows_server_2016windows_10_1507windows_server_2022_23h2windows_11_25h2Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2022Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-26369
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.54%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 17:07
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-athlon_3150geryzen_3_3300x_firmwareryzen_5_5600hathlon_3150g_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_3_5425cryzen_9_3900xryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3450gathlon_3050geryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_2300u_firmwareryzen_7_5800hsryzen_5_5600xryzen_9_5900hx_firmwareryzen_5_5600hsryzen_threadripper_2970wxryzen_3_2300uryzen_7_5825uryzen_5_2600xryzen_7_5825u_firmwareryzen_7_2700u_firmwareryzen_5_5700geryzen_5_3600x_firmwareryzen_5_5625uryzen_threadripper_2920x_firmwareryzen_5_3400gryzen_3_5125cryzen_7_3800x_firmwareryzen_7_2800h_firmwareryzen_threadripper_2950xryzen_5_5700gryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_5_2500u_firmwareryzen_3_3100ryzen_threadripper_2970wx_firmwareryzen_9_3950x_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_5_5700g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_5825c_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_7_5800h_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5625c_firmwareryzen_3_5425uryzen_5_2600hryzen_5_5625cryzen_5_5700ge_firmwareryzen_9_5980hx_firmwareryzen_7_2700uryzen_3_5400uryzen_5_3450g_firmwareradeon_softwareryzen_7_5825cryzen_5_2600h_firmwareryzen_7_5800uryzen_7_2800hathlon_3150gryzen_9_5900hxryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_7_3700x_firmwareryzen_9_5980hs_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_7_2700_firmwareryzen_3_5425c_firmwareathlon_3150ge_firmwareryzen_5_5600h_firmwareryzen_3_3300gryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_5_3600ryzen_7_5800hs_firmwareryzen_7_3800xryzen_5_5625u_firmwareathlon_3050ge_firmwareryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareAthlonâ„¢ SeriesRyzenâ„¢ Series
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-2241
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.03%
||
7 Day CHG~0.00%
Published-22 Apr, 2023 | 16:00
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow

A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-podofo_projectn/a
Product-podofoPoDoFo
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-62458
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.64% / 45.92%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_server_2008windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2012 R2Windows Server 2022Windows 10 Version 22H2Windows Server 2012Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-62454
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.08% / 79.13%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_24h2windows_server_2019windows_11_23h2windows_10_21h2windows_10_1809windows_server_2022windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2022Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019Windows 11 Version 25H2Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-6269
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 10.47%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 16:00
Updated-02 Jul, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5HDF5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-62470
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 36.53%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_22h2windows_server_2012windows_11_24h2windows_server_2008windows_server_2019windows_11_23h2windows_server_2022windows_10_21h2windows_10_1809windows_server_2016windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 11 Version 24H2Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows 10 Version 22H2Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-62526
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-0.24% / 15.57%
||
7 Day CHG+0.02%
Published-22 Oct, 2025 | 14:59
Updated-30 Oct, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenWrt ubusd vulnerable to heap buffer overflow

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The affected code is executed before running the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL. This is fixed in OpenWrt 24.10.4. There are no workarounds.

Action-Not Available
Vendor-OpenWrt
Product-openwrtopenwrt
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-6119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 8.24%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:00
Updated-17 Jun, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Action-Not Available
Vendor-assimpOpen Asset Import Library
Product-assimpAssimp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2024-0156
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 12:54
Updated-08 Jan, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (D3)dell_digital_delivery
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-6120
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:31
Updated-17 Jun, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Action-Not Available
Vendor-assimpOpen Asset Import Library
Product-assimpAssimp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-21628
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 1.87%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:39
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresnapdragon_850_mobile_compute_platform_firmwaremdm9640_firmwaresm6250p_firmwareipq4028_firmwareqca1023ar9380ipq8173_firmwareqcn5124mdm9645wcn3950_firmwaresc8180x\+sdx55sm4450_firmwareqca6595au_firmwaresa6155mdm8215home_hub_100_platformsd_455_firmwareapq8076qcs6125_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwarewcn3950qcn6024_firmwaresm4125immersive_home_316_platform_firmwaresm6375_firmwarewcn3660bsd460_firmwaresm4250-aasnapdragon_636_mobile_platformwcn3998_firmwareqca8081_firmwareqca6420qca9986snapdragon_auto_5g_modem-rf_firmwareipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwareipq8072_firmwaresc8180xp-aa_firmwareqca0000sa8155_firmwarerobotics_rb3_platform_firmwareipq8068qca6430snapdragon_630_mobile_platformwcd9340snapdragon_808_processorqca6698aq_firmwaresnapdragon_808_processor_firmwarewcn685x-1_firmwaremdm9250_firmwareqca9888_firmwareqcn6122sm8150_firmwaresnapdragon_810_processor_firmwareqca6696_firmwarewcd9371sc8180x-abqcn5154_firmwaremdm8215_firmwaresm4350_firmwaresd_8cxsa8150pqca9992_firmwaresd660sm7225_firmwaresd660_firmwareqcn5121qcn5022_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwareimmersive_home_216_platform_firmwareqca4010_firmwaresnapdragon_675_mobile_platform_firmwareqca6428_firmwaresm6375qca9985_firmwarewcn3991ipq4018_firmwareqca4531_firmwareqca9980_firmwareipq8078ipq8173sd670_firmwareqca6574csr8811_firmwarewcd9380qcs410qcn5024qca9379_firmwaresc8180xp-ad_firmwareqca9985qcn9012_firmwareipq6018_firmwareqcm4325_firmwarewcd9340_firmwarewsa8815sm6150-ac_firmwareqca6584_firmwaresnapdragon_630_mobile_platform_firmwaremdm9215_firmwareipq6028ipq8064sd835snapdragon_821_mobile_platformqca1990wcn3980_firmwaresd730sc7180-ac_firmwaresm6350qcn5064_firmwareqcs4490_firmwareapq8064au_firmwareipq8078_firmwareqcn5054qca9994sm6350_firmwareqca9980sd670qcn9024_firmwareipq8174_firmwaresmart_audio_200_platform_firmwareqcm4290_firmwareqcn7605_firmwaresw5100p_firmwareqcs610_firmwaresa6145pqca9886_firmwarear8031immersive_home_214_platformqca1023_firmwaresd820_firmwareqca6391_firmwaresa4150p_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwarecsra6640snapdragon_x20_lte_modemqca9379sa4155pqcn7606wsa8830qca9561sdm712_firmwaresnapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwarecsrb31024mdm9628_firmwaremdm9650qca9992qcs4290snapdragon_x20_lte_modem_firmwaremdm9250qca6420_firmwaresc7180-acsnapdragon_auto_4g_modem_firmwaremdm9310_firmwaresd675_firmwareipq8072qca6564wcn3990_firmwareqca9984_firmwareqca9377qca4531wcd9385_firmwarewcd9326_firmwarewcn3615_firmwareipq8074aqca9982apq8094sa8155snapdragon_x55_5g_modem-rf_systemqca6584snapdragon_835_mobile_pc_platform_firmwareqcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwaresm7250p_firmwarewcn3610_firmwareqca6584auqfe1952sm6225ipq8174qcn5052qca9367apq8092wcn3988_firmwareqcn9074sm7250-aasa8195psxr1120sdm710_firmwaresm4375_firmwarewcd9326wcd9335qca9982_firmwareqcm4490qcn6023qcs4290_firmwaresm7150-abqca6390qca9898_firmwarewcd9375aqt1000sc8180x\+sdx55_firmwaresm6250_firmwaresnapdragon_662_mobile_platformapq8092_firmwareipq5010_firmwareipq8074a_firmwaresm8150wsa8815_firmwaresnapdragon_636_mobile_platform_firmwareapq8017sxr1120_firmwareqcm6125_firmwaresnapdragon_x5_lte_modemqca9882qca6595ipq8065_firmwareqcn5154qca8075_firmwaresc8180xp-acsmart_audio_400_platformipq6005_firmwarewcn685x-5_firmwareqcn6132_firmwaresdm670_firmwareqca9888qca6310_firmwareapq8094_firmwareipq8070a_firmwaremdm9615qca6574_firmwareqca9886qca6175aqca6574a_firmwaresnapdragon_x55_5g_modem-rf_system_firmwaremdm9310snapdragon_auto_4g_modemcsrb31024_firmwarewsa8832_firmwaresnapdragon_xr1_platformqcn9070_firmwarewcn685x-5ipq6028_firmwareipq8072a_firmwareqca9531sc8180xp-af_firmwareqca9889_firmwareqcn5122mdm9645_firmwaresdx20m_firmwaresm7250-aa_firmwaresc8180x-aa_firmwaresm8150-ac_firmwareqcn5022sc8180x-aaqca6564_firmwaresc8180x-af_firmwaresm6150-acsnapdragon_x50_5g_modem-rf_systemqca8075qcn6024qcn9022mdm9615_firmwareipq6000_firmwareqcs410_firmwareqca6175a_firmwaresdm660_firmwaresa6150p_firmwareqcs610qcn5550sc8180x-ab_firmwarewcd9360_firmwaresnapdragon_820_automotive_platform_firmwareqca9561_firmwareqca4024_firmwareimmersive_home_318_platform_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6335sdm712qcn5064sdm670csra6620_firmwaresd_675_firmwarecsra6640_firmwarewcn685x-1qca6554a_firmwareipq8076amdm9628sm7150-acqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwaresa6155_firmwaresm6225-adwcd9360sdx20mqca6438_firmwaresc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareipq5028qca7500ipq4029_firmwareqca6698aqqcs6125sa4155p_firmwareipq6010sd662_firmwaresm7250-ab_firmwarerobotics_rb3_platformqcn6132snapdragon_820_mobile_platformqca1990_firmwaresw5100home_hub_100_platform_firmwaresa6155pwcd9341ipq8068_firmwaresc8180xp-ab_firmwaresnapdragon_x12_lte_modemwcn3910_firmwareqfe1922wsa8830_firmwaresd855_firmwarewcn3988qca6438sm4250-aa_firmwaresa8195p_firmwareqca9898ipq4028wcn3610mdm9640wcd9380_firmwareipq8072aqca7500_firmwaresw5100pmsm8996au_firmwarewcd9330ipq8076a_firmwaresnapdragon_w5\+_gen_1_wearable_platformqca6564auqcn5164qca9558sc8180xp-aaqcn5054_firmwareipq4019_firmwaresm7150-aa_firmwaresc8180x-ac_firmwareqca6174qca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225wcn3910qca6320mdm9650_firmwareqca9986_firmwaresm4450wcn3660b_firmwareqca9984sc8180x-adqcn9024qcn5550_firmwarewcd9330_firmwareipq8064_firmwaresm7150-aasnapdragon_820_automotive_platformsnapdragon_x50_5g_modem-rf_system_firmwaresm7125smart_audio_200_platformsd821_firmwaresnapdragon_652_mobile_platformar8031_firmwaresm7150-ab_firmwareipq8070sdm660qca9887_firmwaresdm710qca6564a_firmwareqca9880snapdragon_x24_lte_modemqcn5121_firmwaresc8180xp-ac_firmwarewsa8832snapdragon_810_processoripq6018qcs4490qca6595_firmwaresa8145pimmersive_home_214_platform_firmwaresm4350-ac_firmwaresa8155psd675qca9531_firmwarear8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaresnapdragon_662_mobile_platform_firmwareqcn9070sa8145p_firmwaresm6125qcs2290_firmwarecsra6620qcn9072sm7250-ac_firmwareqca9880_firmwareqca6390_firmwareipq8069_firmwareipq6000qca6174_firmwaresd730_firmwarewcd9370qcn5152_firmwareqca0000_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwaresd_8cx_firmwareqcn7605immersive_home_216_platformimmersive_home_316_platformimmersive_home_318_platformsd662qcn5124_firmwareqfe1952_firmwareqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwaresm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310snapdragon_821_mobile_platform_firmwareqca9990snapdragon_x5_lte_modem_firmwaresd821vision_intelligence_300_platform_firmwaresa6145p_firmwaresm6250apq8017_firmwarewsa8810_firmwarevision_intelligence_400_platformsc7180-adqca4010sg4150pqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385snapdragon_x12_lte_modem_firmwaresc8180x-acar8035csr8811apq8064auipq4019qcn9100_firmwarevision_intelligence_400_platform_firmwaresd820wsa8835_firmwareqca6564asa4150psg4150p_firmwareqcm4325qcm2290_firmwaresnapdragon_845_mobile_platformwcn3990qcn9000sd_675qca6554aar9380_firmwaresnapdragon_835_mobile_pc_platformsm8150-acqcn9012qca9558_firmwareqcn6122_firmwarewsa8835msm8996ausc7180-ad_firmwaresnapdragon_auto_5g_modem-rfsm6250pipq4018qca6574aqca9889qca6174asc8180x-afipq8074wcn6750qca9994_firmwareipq8076_firmwaresm7150-ac_firmwaresm7250-absd855sm4125_firmwareipq8076qfe1922_firmwareqca9887qcn5021ipq8069qcn5152vision_intelligence_300_platformsd460qca6391ipq6005aqt1000_firmwareqcn9100qcm4490_firmwaresnapdragon_845_mobile_platform_firmwareqcm4290qca9882_firmwaremdm9215sd_455sm6225_firmwareipq8074_firmwareqca6574ausa8155p_firmwarewcd9341_firmwareqcm6125wsa8810sm7250-acwcn3680bsd835_firmwaresnapdragon_675_mobile_platformipq6010_firmwareqca6696sm4350sm7125_firmwaresa6150psc8180xp-abqcn9022_firmwareqca9990_firmwareipq8070asnapdragon_652_mobile_platform_firmwaresc8180x-ad_firmwareqcn9072_firmwaresnapdragon_820_mobile_platform_firmwaresm7250pipq8071_firmwareqcn9074_firmwaresw5100_firmwareipq4029snapdragon_xr1_platform_firmwareSnapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-59275
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.09%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:01
Updated-22 Feb, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Authentication Elevation of Privilege Vulnerability

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_server_2012windows_server_2008windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-59255
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 30.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-59242
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 28.69%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_21h2windows_11_24h2windows_server_2022windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_22h2windows_server_2008windows_11_23h2windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_25h2windows_server_2016Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2025-59254
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.03% / 59.20%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-22 Feb, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_1607windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 25H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-9500
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 2.47%
||
7 Day CHG-0.03%
Published-25 May, 2026 | 20:15
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-GNU
Product-LibreDWG
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-0018
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.12% / 2.34%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 19:33
Updated-16 Dec, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5898
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 3.37%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 21:31
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-GNU
Product-PSPP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0153
Matching Score-4
Assigner-Arm Limited
ShareView Details
Matching Score-4
Assigner-Arm Limited
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.05%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 09:05
Updated-27 Mar, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mali GPU Firmware allows improper GPU processing operations

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.

Action-Not Available
Vendor-Arm Limited
Product-5th_gen_gpu_architecture_firmwarevalhall_gpu_firmwareValhall GPU FirmwareArm 5th Gen GPU Architecture Firmwarevalhall_gpu_kernel_driver5th_gen_gpu_architecture_kernel_driver
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8245
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.30%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-58722
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.06% / 78.91%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1607windows_11_25h2windows_10_1809windows_server_2022_23h2windows_server_2022windows_server_2025windows_11_23h2windows_10_21h2windows_11_22h2windows_server_2019windows_10_22h2windows_server_2016Windows Server 2019 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2019Windows Server 2022Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-0033
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.16% / 5.53%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-16 Dec, 2024 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0772
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.25%
||
7 Day CHG~0.00%
Published-21 Jan, 2024 | 23:31
Updated-21 Oct, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nsasoft ShareAlarmPro Registration memory corruption

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nsasoftNsasoft
Product-sharealarmproShareAlarmPro
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-14360
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 31.04%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 15:18
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-x_serverxorg-x11-server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-9541
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 6.58%
||
7 Day CHG+0.03%
Published-26 May, 2026 | 11:45
Updated-27 May, 2026 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-squirrel-langn/a
Product-squirrelSquirrel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found