Total
8117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36918 | 1 Google | 1 Android | 2025-12-12 | N/A | 7.8 HIGH |
| In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36921 | 1 Google | 1 Android | 2025-12-12 | N/A | 5.5 MEDIUM |
| In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | |||||
| CVE-2025-59391 | 1 Libcoap | 1 Libcoap | 2025-12-12 | N/A | 6.5 MEDIUM |
| A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service. | |||||
| CVE-2025-47914 | 1 Golang | 1 Crypto | 2025-12-11 | N/A | 5.3 MEDIUM |
| SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | |||||
| CVE-2025-48596 | 1 Google | 1 Android | 2025-12-11 | N/A | 7.8 HIGH |
| In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-49175 | 2025-12-11 | N/A | 6.1 MEDIUM | ||
| A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. | |||||
| CVE-2021-4156 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2025-12-11 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | |||||
| CVE-2025-58113 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-12-10 | N/A | 6.5 MEDIUM |
| An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | |||||
| CVE-2025-62572 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-12-10 | N/A | 7.8 HIGH |
| Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-64893 | 3 Adobe, Apple, Microsoft | 3 Dng Software Development Kit, Macos, Windows | 2025-12-10 | N/A | 7.1 HIGH |
| DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-47383 | 1 Linux | 1 Linux Kernel | 2025-12-10 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calculates a wrong value to fbcon_display->vrows, which makes the real_y() return a wrong value of y, and that value, eventually, causes the imageblit to access an out-of-bound address value. To solve this issue I made the resize_screen() be called even if the screen does not need any resizing, so it will "fix and fill" the fb_var_screeninfo independently. | |||||
| CVE-2025-62564 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-12-09 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-48592 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.5 HIGH |
| In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48622 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-64656 | 1 Microsoft | 1 Azure Application Gateway | 2025-12-08 | N/A | 9.4 CRITICAL |
| Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-57697 | 1 Astrbot | 1 Astrbot | 2025-12-05 | N/A | 6.5 MEDIUM |
| AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage. | |||||
| CVE-2025-58476 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.2 MEDIUM |
| Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory. | |||||
| CVE-2025-58479 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.3 MEDIUM |
| Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | |||||
| CVE-2017-13037 | 1 Tcpdump | 1 Tcpdump | 2025-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | |||||
| CVE-2017-13027 | 1 Tcpdump | 1 Tcpdump | 2025-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). | |||||