Total
449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21276 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.5 HIGH |
| Windows MapUrlToZone Denial of Service Vulnerability | |||||
| CVE-2025-21160 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21158 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21156 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21135 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21134 | 1 Adobe | 1 Illustrator On Ipad | 2026-06-17 | N/A | 7.8 HIGH |
| Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21133 | 1 Adobe | 1 Illustrator On Ipad | 2026-06-17 | N/A | 7.8 HIGH |
| Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-21122 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-1991 | 1 Ibm | 1 Informix Dynamic Server | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. | |||||
| CVE-2025-1924 | 1 Yokogawa | 2 Centum Vp, Vnet\/ip Interface Package | 2026-06-17 | N/A | 8.2 HIGH |
| A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier | |||||
| CVE-2025-14547 | 2026-06-17 | N/A | N/A | ||
| An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service. | |||||
| CVE-2025-14055 | 2026-06-17 | N/A | N/A | ||
| An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. | |||||
| CVE-2025-11931 | 1 Wolfssl | 1 Wolfssl | 2026-06-17 | N/A | 8.2 HIGH |
| Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. | |||||
| CVE-2025-10933 | 2026-06-17 | N/A | N/A | ||
| An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads. | |||||
| CVE-2025-0728 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. | |||||
| CVE-2025-0727 | 1 Eclipse | 1 Threadx Netx Duo | 2026-06-17 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. | |||||
| CVE-2024-6285 | 1 Renesas | 1 Rcar Gen3 | 2026-06-17 | N/A | 7.5 HIGH |
| Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses. | |||||
| CVE-2024-6258 | 1 Zephyrproject | 1 Zephyr | 2026-06-17 | N/A | 6.8 MEDIUM |
| BT: Missing length checks of net_buf in rfcomm_handle_data | |||||
| CVE-2024-5256 | 1 Sonos | 2 Era 100, Era 100 Firmware | 2026-06-17 | N/A | 4.3 MEDIUM |
| Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22336. | |||||
| CVE-2024-57843 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM. Specially if the sysctl net.core.high_order_alloc_disable value is 1, then the frag always get a page when do refill. Which could see reliable crashes or scp failure (scp a file 100M in size to VM). The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning of a new frag. When the frag size is larger than PAGE_SIZE, everything is fine. However, if the frag is only one page and the total size of the buffer and virtnet_rq_dma is larger than one page, an overflow may occur. The commit f9dac92ba908 ("virtio_ring: enable premapped mode whatever use_dma_api") introduced this problem. And we reverted some commits to fix this in last linux version. Now we try to enable it and fix this bug directly. Here, when the frag size is not enough, we reduce the buffer len to fix this problem. | |||||