Total
8305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3962 | 1 Google | 1 Chrome | 2026-04-29 | 4.3 MEDIUM | N/A |
| Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-1113 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2026-04-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-2803 | 1 Google | 1 Chrome | 2026-04-29 | 6.8 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2025-11840 | 1 Gnu | 1 Binutils | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2026-2242 | 1 Janet-lang | 1 Janet | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-15412 | 1 Webassembly | 1 Wabt | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself. | |||||
| CVE-2025-12745 | 1 Bellard | 1 Quickjs | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2026-3606 | 1 Ettercap-project | 1 Ettercap | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-2662 | 1 Lily-lang | 1 Lily | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-3950 | 2026-04-29 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet. | |||||
| CVE-2026-2869 | 1 Janet-lang | 1 Janet | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded. | |||||
| CVE-2026-3663 | 1 Xlnt-community | 1 Xlnt | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2026-2705 | 1 Openbabel | 1 Open Babel | 2026-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-4009 | 2026-04-29 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-2858 | 1 Wren | 1 Wren | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-15506 | 2026-04-29 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone. | |||||
| CVE-2026-35038 | 1 Signalk | 1 Signal K Server | 2026-04-29 | N/A | 6.5 MEDIUM |
| Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0. | |||||
| CVE-2025-14956 | 1 Webassembly | 1 Binaryen | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2026-3386 | 1 Wren | 1 Wren | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-2659 | 1 Squirrel-lang | 1 Squirrel | 2026-04-29 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | |||||