Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-43284 | 1 Linux | 1 Linux Kernel | 2026-05-26 | N/A | 8.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data(). | |||||
| CVE-2026-41952 | 2026-05-19 | N/A | 7.8 HIGH | ||
| Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183. | |||||
| CVE-2017-10994 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2026-05-13 | 9.3 HIGH | 7.3 HIGH |
| Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2015-8271 | 1 Rtmpdump Project | 1 Rtmpdump | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. | |||||
| CVE-2025-69809 | 1 P2r3 | 1 Bareiron | 2026-04-27 | N/A | 9.8 CRITICAL |
| A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet. | |||||
| CVE-2024-42479 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | N/A | 10.0 CRITICAL |
| llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. | |||||
| CVE-2025-9900 | 2026-04-20 | N/A | 8.8 HIGH | ||
| A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. | |||||
| CVE-2024-44067 | 2026-04-15 | N/A | 8.4 HIGH | ||
| The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. | |||||
| CVE-2025-29943 | 2026-04-15 | N/A | N/A | ||
| Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest. | |||||
| CVE-2024-36877 | 2026-04-15 | N/A | 8.2 HIGH | ||
| Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700. | |||||
| CVE-2025-14857 | 2026-04-08 | N/A | N/A | ||
| An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI interface can overwrite stack memory to hijack program control flow and achieve limited arbitrary code execution. However, the impact is limited to the active attack session: the device's secure boot mechanism prevents persistent firmware modification, the crypto engine isolates cryptographic keys from direct firmware access, and all modifications are lost upon device reboot or loss of physical access. | |||||
| CVE-2026-25634 | 1 Color | 1 Iccdev | 2026-02-19 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4. | |||||
| CVE-2025-62164 | 1 Vllm | 1 Vllm | 2025-12-04 | N/A | 8.8 HIGH |
| vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using torch.load() without sufficient validation. Due to a change introduced in PyTorch 2.8.0, sparse tensor integrity checks are disabled by default. As a result, maliciously crafted tensors can bypass internal bounds checks and trigger an out-of-bounds memory write during the call to to_dense(). This memory corruption can crash vLLM and potentially lead to code execution on the server hosting vLLM. This issue has been patched in version 0.11.1. | |||||
| CVE-2021-36057 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2025-11-03 | 2.1 LOW | 3.3 LOW |
| XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user. | |||||
| CVE-2025-55298 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | N/A | 7.5 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | |||||
| CVE-2025-22225 | 1 Vmware | 4 Cloud Foundation, Esxi, Telco Cloud Infrastructure and 1 more | 2025-10-30 | N/A | 8.2 HIGH |
| VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. | |||||
| CVE-2025-7403 | 1 Zephyrproject | 1 Zephyr | 2025-10-29 | N/A | 7.6 HIGH |
| Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption. | |||||
| CVE-2025-33045 | 1 Ami | 1 Aptio V | 2025-10-02 | N/A | 8.2 HIGH |
| APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information disclosure, arbitrary data writing, and impact Confidentiality, Integrity, and Availability. | |||||
| CVE-2022-35408 | 1 Insyde | 1 Insydeh2o | 2025-05-27 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.) | |||||
| CVE-2022-37904 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | N/A | 6.6 MEDIUM |
| Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||||