Total
547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3080 | 7 Canonical, Debian, Linux and 4 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2026-04-23 | 7.2 HIGH | N/A |
| Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | |||||
| CVE-2026-6840 | 2026-04-22 | N/A | 5.5 MEDIUM | ||
| Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0. | |||||
| CVE-2026-32285 | 1 Jsonparser Project | 1 Jsonparser | 2026-04-21 | N/A | 7.5 HIGH |
| The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. | |||||
| CVE-2026-34942 | 1 Bytecodealliance | 1 Wasmtime | 2026-04-20 | N/A | 6.5 MEDIUM |
| Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic is possible to trigger from malicious guests which transfer very specific strings across components with specific addresses. Host panics are considered a DoS vector in Wasmtime as the panic conditions are controlled by the guest in this situation. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1. | |||||
| CVE-2005-0369 | 1 Armagetronad | 2 Armagetron, Armagetron Advanced | 2026-04-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array. | |||||
| CVE-2003-0721 | 1 Washington | 1 Pine | 2026-04-16 | 7.5 HIGH | N/A |
| Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. | |||||
| CVE-2024-32673 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956. | |||||
| CVE-2023-31306 | 2026-04-15 | N/A | 3.3 LOW | ||
| Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability. | |||||
| CVE-2023-20601 | 2026-04-15 | N/A | N/A | ||
| Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. | |||||
| CVE-2025-0657 | 2026-04-15 | N/A | N/A | ||
| A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility. | |||||
| CVE-2025-23278 | 2026-04-15 | N/A | 7.1 HIGH | ||
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service. | |||||
| CVE-2026-0529 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled. | |||||
| CVE-2025-66559 | 2026-04-15 | N/A | N/A | ||
| Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer. | |||||
| CVE-2026-25068 | 2026-04-15 | N/A | N/A | ||
| alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash. | |||||
| CVE-2025-10158 | 2026-04-15 | N/A | 4.3 MEDIUM | ||
| A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. | |||||
| CVE-2025-30077 | 2026-04-15 | N/A | 6.2 MEDIUM | ||
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits. | |||||
| CVE-2024-21970 | 2026-04-15 | N/A | 4.4 MEDIUM | ||
| Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity. | |||||
| CVE-2024-21522 | 2026-04-15 | N/A | 7.5 HIGH | ||
| All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. | |||||
| CVE-2026-21413 | 1 Libraw | 1 Libraw | 2026-04-10 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2026-33762 | 1 Go-git Project | 1 Go-git | 2026-04-02 | N/A | 2.8 LOW |
| go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue. This issue has been patched in version 5.17.1. | |||||