Total
1867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-47747 | 2026-06-16 | N/A | 7.8 HIGH | ||
| stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible. | |||||
| CVE-2026-47749 | 2026-06-16 | N/A | 7.8 HIGH | ||
| stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the SHORT_BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. A malicious checkpoint file could cause heap corruption through memcpy with an attacker-controlled length. This may lead to process crash and could potentially be leveraged for code execution depending on heap layout. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by not loading .ckpt checkpoint files from untrusted sources, and referring to trusted model sources and safer formats such as .safetensors where possible. | |||||
| CVE-2026-47964 | 2026-06-16 | N/A | 7.8 HIGH | ||
| DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-9256 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2026-06-16 | N/A | 8.1 HIGH |
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-55648 | 1 Gpac | 1 Gpac | 2026-06-16 | N/A | 5.5 MEDIUM |
| A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||||
| CVE-2025-55645 | 1 Gpac | 1 Gpac | 2026-06-16 | N/A | 5.5 MEDIUM |
| A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||||
| CVE-2026-8484 | 2026-06-16 | N/A | N/A | ||
| A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This project is unmaintained at the time of CVE assignment. | |||||
| CVE-2025-55652 | 2026-06-16 | N/A | 5.5 MEDIUM | ||
| A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||||
| CVE-2025-55661 | 2026-06-16 | N/A | 5.5 MEDIUM | ||
| A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | |||||
| CVE-2026-52720 | 2026-06-15 | N/A | 8.8 HIGH | ||
| A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash. | |||||
| CVE-2026-12193 | 2026-06-15 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 2.7.0 is sufficient to fix this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2026-42992 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-15 | N/A | 7.5 HIGH |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-42993 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2026-06-15 | N/A | 7.5 HIGH |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-44799 | 1 Microsoft | 15 Remote Desktop Client, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-15 | N/A | 7.5 HIGH |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-8351 | 2026-06-12 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98. | |||||
| CVE-2026-47952 | 3 Adobe, Apple, Microsoft | 5 Acrobat, Acrobat Dc, Acrobat Reader Dc and 2 more | 2026-06-12 | N/A | 7.8 HIGH |
| Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-12030 | 1 Google | 2 Android, Chrome | 2026-06-12 | N/A | 8.3 HIGH |
| Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-47289 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-12 | N/A | 8.8 HIGH |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-12010 | 1 Google | 2 Android, Chrome | 2026-06-12 | N/A | 8.3 HIGH |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-44808 | 1 Microsoft | 1 Windows 11 26h1 | 2026-06-12 | N/A | 7.8 HIGH |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||||