Total
2719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54259 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | |||||
| CVE-2025-54110 | 2025-09-11 | N/A | 8.8 HIGH | ||
| Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54106 | 2025-09-11 | N/A | 8.8 HIGH | ||
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-54091 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-54895 | 2025-09-11 | N/A | 7.8 HIGH | ||
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-36853 | 2025-09-08 | N/A | 7.5 HIGH | ||
| A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | |||||
| CVE-2021-26377 | 2025-09-08 | N/A | 4.1 MEDIUM | ||
| Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. | |||||
| CVE-2021-46750 | 2025-09-08 | N/A | 3.0 LOW | ||
| Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity. | |||||
| CVE-2023-31365 | 2025-09-08 | N/A | 3.9 LOW | ||
| An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability. | |||||
| CVE-2025-7709 | 2025-09-08 | N/A | N/A | ||
| An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds. | |||||
| CVE-2025-36900 | 1 Google | 1 Android | 2025-09-05 | N/A | 6.7 MEDIUM |
| In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-40907 | 1 Fastcgi | 1 Fcgi | 2025-09-05 | N/A | 5.3 MEDIUM |
| FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | |||||
| CVE-2025-40906 | 2025-09-05 | N/A | 9.8 CRITICAL | ||
| BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported. | |||||
| CVE-2024-50610 | 1 Gnu | 1 Gnu Scientific Library | 2025-09-04 | N/A | 3.6 LOW |
| GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. | |||||
| CVE-2022-36934 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2025-09-03 | N/A | 9.8 CRITICAL |
| An integer overflow in WhatsApp could result in remote code execution in an established video call. | |||||
| CVE-2025-55154 | 1 Imagemagick | 1 Imagemagick | 2025-09-03 | N/A | 8.8 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. | |||||
| CVE-2025-57803 | 1 Imagemagick | 1 Imagemagick | 2025-09-02 | N/A | 7.5 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | |||||
| CVE-2025-9688 | 2025-09-02 | 5.1 MEDIUM | 5.0 MEDIUM | ||
| A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2017-12179 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12177 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||