Total
306 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21374 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | |||||
| CVE-2026-21373 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | |||||
| CVE-2026-21371 | 1 Qualcomm | 104 Aqt1000, Aqt1000 Firmware, Cologne and 101 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when retrieving output buffer with insufficient size validation. | |||||
| CVE-2026-21367 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Cologne and 297 more | 2026-04-08 | N/A | 7.6 HIGH |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | |||||
| CVE-2025-47400 | 1 Qualcomm | 22 Pandeiro, Pandeiro Firmware, Snapdragon 8 Elite Gen 5 and 19 more | 2026-04-08 | N/A | 7.1 HIGH |
| Cryptographic issue while copying data to a destination buffer without validating its size. | |||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-08 | N/A | 7.6 HIGH |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | |||||
| CVE-2026-21378 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Cologne and 99 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | |||||
| CVE-2026-21376 | 1 Qualcomm | 108 Aqt1000, Aqt1000 Firmware, Cologne and 105 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | |||||
| CVE-2026-21375 | 1 Qualcomm | 70 Cologne, Cologne Firmware, Fastconnect 6700 and 67 more | 2026-04-08 | N/A | 7.8 HIGH |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | |||||
| CVE-2025-66038 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.9 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0. | |||||
| CVE-2025-4582 | 1 Rti | 1 Connext Professional | 2026-04-01 | N/A | 7.1 HIGH |
| Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0 before 5.3.*, from 4.4a before 5.2.*. | |||||
| CVE-2026-28364 | 1 Ocaml | 1 Ocaml | 2026-03-06 | N/A | 7.9 HIGH |
| In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | |||||
| CVE-2025-59600 | 1 Qualcomm | 328 Ar8031, Ar8031 Firmware, Ar8035 and 325 more | 2026-03-03 | N/A | 7.8 HIGH |
| Memory Corruption when adding user-supplied data without checking available buffer space. | |||||
| CVE-2026-26271 | 1 Freerdp | 1 Freerdp | 2026-02-27 | N/A | 5.3 MEDIUM |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue. | |||||
| CVE-2026-27798 | 2 Dlemstra, Imagemagick | 2 Magick.net, Imagemagick | 2026-02-27 | N/A | 4.0 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-27799 | 2 Dlemstra, Imagemagick | 2 Magick.net, Imagemagick | 2026-02-27 | N/A | 4.0 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-3203 | 1 Wireshark | 1 Wireshark | 2026-02-26 | N/A | 5.5 MEDIUM |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | |||||
| CVE-2026-26282 | 1 M2team | 1 Nanazip | 2026-02-20 | N/A | 6.6 MEDIUM |
| NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue. | |||||
| CVE-2026-25646 | 1 Libpng | 1 Libpng | 2026-02-13 | N/A | 8.1 HIGH |
| LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55. | |||||
| CVE-2026-20846 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-11 | N/A | 7.5 HIGH |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | |||||