Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49696 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-60724 | 1 Microsoft | 16 365 Copilot, Office Long Term Servicing Channel, Windows 10 1607 and 13 more | 2026-05-22 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-53732 | 1 Microsoft | 2 365 Copilot, Office | 2026-05-22 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-53766 | 1 Microsoft | 17 365 Copilot, Office, Windows 10 1507 and 14 more | 2026-05-22 | N/A | 9.8 CRITICAL |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-49697 | 1 Microsoft | 5 365 Apps, 365 Copilot, Office and 2 more | 2026-05-22 | N/A | 8.4 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-42831 | 1 Microsoft | 3 365 Copilot, Office, Office Long Term Servicing Channel | 2026-05-22 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47162 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-40363 | 1 Microsoft | 4 365 Apps, 365 Copilot, Office and 1 more | 2026-05-22 | N/A | 8.4 HIGH |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-42945 | 2026-05-21 | N/A | 8.1 HIGH | ||
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2026-45252 | 1 Freebsd | 1 Freebsd | 2026-05-21 | N/A | 5.5 MEDIUM |
| When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated. If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space. | |||||
| CVE-2026-8631 | 1 Hp | 1 Linux Imaging And Printing | 2026-05-21 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data. | |||||
| CVE-2026-9119 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-21 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-44050 | 2026-05-21 | N/A | 9.9 CRITICAL | ||
| A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service. | |||||
| CVE-2009-3459 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-05-21 | 9.3 HIGH | 8.8 HIGH |
| Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2026-45584 | 1 Microsoft | 1 Malware Protection Engine | 2026-05-20 | N/A | 8.1 HIGH |
| Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-32741 | 2026-05-20 | N/A | 7.1 HIGH | ||
| libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer using memcpy(dst, data.data(), data.size()). The copy length data.size() is determined by the iloc extent in the file (attacker-controlled), while the destination buffer is sized based on the declared image dimensions. Because no upper-bound check exists on the data length, a crafted file whose iloc extent exceeds the pixel buffer allocation overflows the heap. The vulnerable single-memcpy branch is reached when the mskC property specifies bits_per_pixel = 8 and the ispe property declares an even width ≥ 64 (so that stride == width), with no changes to default security limits or external codec plugins required. This issue has been fixed in version 1.22.0. | |||||
| CVE-2026-6846 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux, Hardened Images and 1 more | 2026-05-20 | N/A | 7.8 HIGH |
| A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable. | |||||
| CVE-2026-8212 | 1 Osgeo | 1 Gdal | 2026-05-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded. | |||||
| CVE-2026-8213 | 1 Osgeo | 1 Gdal | 2026-05-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component. | |||||
| CVE-2023-33152 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | N/A | 7.0 HIGH |
| Microsoft ActiveX Remote Code Execution Vulnerability | |||||