Total
8618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0044 | 2026-05-15 | N/A | N/A | ||
| An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | |||||
| CVE-2026-35423 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 5.4 MEDIUM |
| Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-40380 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-05-14 | N/A | 6.2 MEDIUM |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | |||||
| CVE-2026-35419 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-05-14 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-42446 | 1 M2team | 1 Nanazip | 2026-05-14 | N/A | 4.4 MEDIUM |
| NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the file header drives an unbounded loop that reads past the end of a stack-allocated ZEALFS_V1_HEADER structure. This vulnerability is fixed in 6.0.1698.0. | |||||
| CVE-2025-65087 | 1 Ashlar | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-14 | N/A | 7.8 HIGH |
| An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed. | |||||
| CVE-2025-65088 | 1 Ashlar | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-14 | N/A | 7.8 HIGH |
| An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed. | |||||
| CVE-2026-43141 | 1 Linux | 1 Linux Kernel | 2026-05-13 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddown_pow_of_two will cause undefined behaviour and should not be performed. This patch ensures that rounddown_pow_of_two is called on valid value. | |||||
| CVE-2026-34961 | 1 Pengutronix | 1 Barebox | 2026-05-13 | N/A | 6.2 MEDIUM |
| barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arbitrary disk offsets. | |||||
| CVE-2026-43916 | 2026-05-13 | N/A | N/A | ||
| pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past the message-size check, then dereference past the end of the allocation. This vulnerability is fixed in 0.2.0-alpha. | |||||
| CVE-2026-42934 | 2026-05-13 | N/A | 4.8 MEDIUM | ||
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2026-8186 | 1 Open5gs | 1 Open5gs | 2026-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc487fcf9ea87d2b03f2ef95123af344773bfb. It is suggested to install a patch to address this issue. | |||||
| CVE-2026-20751 | 2026-05-13 | N/A | N/A | ||
| Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (high) impacts. | |||||
| CVE-2026-28956 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-05-13 | N/A | 6.5 MEDIUM |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2026-28991 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-05-13 | N/A | 7.5 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service. | |||||
| CVE-2026-43655 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-05-13 | N/A | 7.3 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2026-28918 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-05-13 | N/A | 6.5 MEDIUM |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | |||||
| CVE-2026-43006 | 1 Linux | 1 Linux Kernel | 2026-05-12 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer import validate_fixed_range() admits buf_addr at the exact end of the registered region when len is zero, because the check uses strict greater-than (buf_end > imu->ubuf + imu->len). io_import_fixed() then computes offset == imu->len, which causes the bvec skip logic to advance past the last bio_vec entry and read bv_offset from out-of-bounds slab memory. Return early from io_import_fixed() when len is zero. A zero-length import has no data to transfer and should not walk the bvec array at all. BUG: KASAN: slab-out-of-bounds in io_import_reg_buf+0x697/0x7f0 Read of size 4 at addr ffff888002bcc254 by task poc/103 Call Trace: io_import_reg_buf+0x697/0x7f0 io_write_fixed+0xd9/0x250 __io_issue_sqe+0xad/0x710 io_issue_sqe+0x7d/0x1100 io_submit_sqes+0x86a/0x23c0 __do_sys_io_uring_enter+0xa98/0x1590 Allocated by task 103: The buggy address is located 12 bytes to the right of allocated 584-byte region [ffff888002bcc000, ffff888002bcc248) | |||||
| CVE-2026-43005 | 1 Linux | 1 Linux Kernel | 2026-05-12 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading one byte before the buffer on the stack. Fix by changing the check from "ret < 0" to "ret <= 0", treating a zero-length read as an error (-EIO), which prevents the out-of-bounds array access. Also fix a typo in the adjacent comment: "if present" instead of duplicate "if". | |||||
| CVE-2026-34663 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-05-12 | N/A | 5.5 MEDIUM |
| Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||