Total
7384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54898 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-09-12 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54260 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-9136 | 1 Libretro | 1 Retroarch | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-55225 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-09-12 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-54241 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54240 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | N/A | 5.5 MEDIUM |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-54097 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-54902 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54095 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53805 | 2025-09-11 | N/A | 7.5 HIGH | ||
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-53806 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-54096 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-58750 | 2025-09-11 | N/A | 8.2 HIGH | ||
| rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using input from the user. The problem has been fixed in commit 0cc348b. | |||||
| CVE-2024-26954 | 1 Linux | 1 Linux Kernel | 2025-09-11 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name offset to the buffer offset to validate name length of smb2_create_req(). | |||||
| CVE-2025-58281 | 1 Huawei | 1 Harmonyos | 2025-09-11 | N/A | 8.4 HIGH |
| Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-8298 | 1 Realtek | 2 Rtl8811au, Wi-fi Usb Driver | 2025-09-10 | N/A | 3.8 LOW |
| Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the N6CQueryInformationHandleCustomized11nOids function. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-25864. | |||||
| CVE-2025-20026 | 1 Intel | 4 Proset\/wireless Wifi, Wi-fi 7 Be200, Wi-fi 7 Be201 and 1 more | 2025-09-10 | N/A | 6.1 MEDIUM |
| Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-40797 | 2025-09-09 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. | |||||
| CVE-2025-40796 | 2025-09-09 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition. | |||||