Total
292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11961 | 2026-04-15 | N/A | 1.9 LOW | ||
| pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer. | |||||
| CVE-2026-2394 | 1 Rti | 1 Connext Professional | 2026-04-14 | N/A | 6.5 MEDIUM |
| Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | |||||
| CVE-2026-24028 | 1 Powerdns | 1 Dnsdist | 2026-04-14 | N/A | 5.3 MEDIUM |
| An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure. | |||||
| CVE-2026-4371 | 1 Mozilla | 1 Thunderbird | 2026-04-13 | N/A | 7.4 HIGH |
| A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9. | |||||
| CVE-2025-47390 | 1 Qualcomm | 58 Cologne, Cologne Firmware, Fastconnect 6700 and 55 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | |||||
| CVE-2026-21374 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | |||||
| CVE-2026-21373 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | |||||
| CVE-2026-21371 | 1 Qualcomm | 104 Aqt1000, Aqt1000 Firmware, Cologne and 101 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when retrieving output buffer with insufficient size validation. | |||||
| CVE-2026-21367 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Cologne and 297 more | 2026-04-08 | N/A | 7.6 HIGH |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | |||||
| CVE-2025-47400 | 1 Qualcomm | 22 Pandeiro, Pandeiro Firmware, Snapdragon 8 Elite Gen 5 and 19 more | 2026-04-08 | N/A | 7.1 HIGH |
| Cryptographic issue while copying data to a destination buffer without validating its size. | |||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-08 | N/A | 7.6 HIGH |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | |||||
| CVE-2026-21378 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Cologne and 99 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | |||||
| CVE-2026-21376 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | |||||
| CVE-2026-21375 | 1 Qualcomm | 70 Cologne, Cologne Firmware, Fastconnect 6700 and 67 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | |||||
| CVE-2025-66038 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.9 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0. | |||||
| CVE-2025-4582 | 1 Rti | 1 Connext Professional | 2026-04-01 | N/A | 7.1 HIGH |
| Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | |||||
| CVE-2026-28364 | 1 Ocaml | 1 Ocaml | 2026-03-06 | N/A | 7.9 HIGH |
| In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | |||||
| CVE-2025-59600 | 1 Qualcomm | 328 Ar8031, Ar8031 Firmware, Ar8035 and 325 more | 2026-03-03 | N/A | 7.8 HIGH |
| Memory Corruption when adding user-supplied data without checking available buffer space. | |||||
| CVE-2026-26271 | 1 Freerdp | 1 Freerdp | 2026-02-27 | N/A | 5.3 MEDIUM |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue. | |||||
| CVE-2026-27798 | 2 Dlemstra, Imagemagick | 2 Magick.net, Imagemagick | 2026-02-27 | N/A | 4.0 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||