Total: 3086 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0619 | | | 2026-04-15 | N/A | N/A |
| A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. | |||||
| CVE-2025-7709 | | | 2026-04-15 | N/A | N/A |
| An integer overflow exists in the FTS5 (https://sqlite.org/fts5.html) extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds. | |||||
| CVE-2026-24808 | | | 2026-04-15 | N/A | N/A |
| Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11. | |||||
| CVE-2025-24528 | | | 2026-04-15 | N/A | 7.1 HIGH |
| In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. | |||||
| CVE-2026-40385 | 1 Libexif Project | 1 Libexif | 2026-04-14 | N/A | 4.0 MEDIUM |
| In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems. | |||||
| CVE-2026-4154 | 1 Gimp | 1 Gimp | 2026-04-14 | N/A | 7.8 HIGH |
| GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901. | |||||
| CVE-2026-4151 | 1 Gimp | 1 Gimp | 2026-04-14 | N/A | 7.8 HIGH |
| GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813. | |||||
| CVE-2026-4150 | 1 Gimp | 1 Gimp | 2026-04-14 | N/A | 7.8 HIGH |
| GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807. | |||||
| CVE-2026-34353 | 1 Ocaml | 1 Ocaml | 2026-04-14 | N/A | 5.9 MEDIUM |
| In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed. | |||||
| CVE-2025-62600 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2026-04-14 | N/A | 8.6 HIGH |
| eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. | |||||
| CVE-2026-5870 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-13 | N/A | 8.8 HIGH |
| Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-5732 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 8.8 HIGH |
| Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. | |||||
| CVE-2026-4694 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.5 HIGH |
| Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |||||
| CVE-2026-4690 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 8.6 HIGH |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |||||
| CVE-2026-4689 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 10.0 CRITICAL |
| Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |||||
| CVE-2026-2774 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 9.8 CRITICAL |
| Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2762 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 9.8 CRITICAL |
| Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-0880 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 8.8 HIGH |
| Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | |||||
| CVE-2025-49710 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 9.8 CRITICAL |
| An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4. | |||||
| CVE-2025-11152 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 8.6 HIGH |
| Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3. | |||||
