Total: 306 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-11787 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2026-06-12 | N/A | 5.0 MEDIUM |
| A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior. | |||||
| CVE-2026-44185 | 1 Apache | 1 Http Server | 2026-06-11 | N/A | 7.3 HIGH |
| Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker-controlled OCSP server. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. | |||||
| CVE-2026-42828 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2026-06-10 | N/A | 7.8 HIGH |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-45460 | | | 2026-06-09 | N/A | 4.7 MEDIUM |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-45684 | 1 Opentelemetry | 1 Ebpf Instrumentation | 2026-06-03 | N/A | 4.9 MEDIUM |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. This issue has been patched in version 0.9.0. | |||||
| CVE-2025-59609 | 1 Qualcomm | 374 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 371 more | 2026-06-02 | N/A | 5.5 MEDIUM |
| Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. | |||||
| CVE-2009-2495 | 1 Microsoft | 3 Visual C++, Visual Studio, Visual Studio .net | 2026-05-27 | 7.8 HIGH | 6.5 MEDIUM |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | |||||
| CVE-2024-38250 | 1 Microsoft | 17 365 Copilot, Office, Office Long Term Servicing Channel and 14 more | 2026-05-22 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2026-6575 | 1 Postgresql | 1 Postgresql | 2026-05-18 | N/A | 4.3 MEDIUM |
| Buffer over-read in PostgreSQL: the function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past the end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected. | |||||
| CVE-2026-37532 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2026-05-15 | N/A | 7.1 HIGH |
| AGL agl-service-can-low-level through 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer. | |||||
| CVE-2026-8463 | 1 Leont | 1 Crypt\ | 2026-05-13 | N/A | 5.3 MEDIUM |
| Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is empty, the size_t subtraction underflows to SIZE_MAX and memchr scans adjacent heap memory looking for a '$' separator byte. A caller that invokes argon2_verify against a stored hash that may legitimately be empty (for example a placeholder row or a NULL column materialised as an empty string) reads out-of-bounds heap memory, which can crash the process or leak the position of an adjacent '$' byte into subsequent parsing. | |||||
| CVE-2025-47401 | 1 Qualcomm | 490 Ar8035, Ar8035 Firmware, Cologne and 487 more | 2026-05-06 | N/A | 6.5 MEDIUM |
| Transient DOS when processing target power rate tables during channel configuration. | |||||
| CVE-2025-47403 | 1 Qualcomm | 514 Ar8035, Ar8035 Firmware, Cologne and 511 more | 2026-05-06 | N/A | 6.5 MEDIUM |
| Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | |||||
| CVE-2025-47406 | 1 Qualcomm | 62 Cologne, Cologne Firmware, Fastconnect 6700 and 59 more | 2026-05-06 | N/A | 6.1 MEDIUM |
| Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | |||||
| CVE-2026-34059 | 1 Apache | 1 Http Server | 2026-05-04 | N/A | 7.5 HIGH |
| Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | |||||
| CVE-2026-6238 | 1 Gnu | 1 Glibc | 2026-05-04 | N/A | 6.5 MEDIUM |
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | |||||
| CVE-2026-6532 | 1 Wireshark | 1 Wireshark | 2026-05-01 | N/A | 5.5 MEDIUM |
| Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service. | |||||
| CVE-2026-5772 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 5.3 MEDIUM |
| A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash. | |||||
| CVE-2025-12745 | 1 Bellard | 1 Quickjs | 2026-04-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery. Patch name: c6fe5a98fd3ef3b7064e6e0145dfebfe12449fea. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2026-41898 | 1 Rust-openssl Project | 1 Rust-openssl | 2026-04-28 | N/A | 9.8 CRITICAL |
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78. | |||||
