Total
14037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26011 | 1 Opennav | 1 Nav2 | 2026-06-17 | N/A | 9.8 CRITICAL |
| navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set->clusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation. | |||||
| CVE-2026-25986 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 5.3 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-25971 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 6.2 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-25967 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 7.4 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch. | |||||
| CVE-2026-25790 | 1 Wazuh | 1 Wazuh | 2026-06-17 | N/A | 4.9 MEDIUM |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a floating-point (`%lf`) format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash) or potential RCE on the Wazuh manager. The vulnerability is located in `/src/analysisd/decoders/security_configuration_assessment.c`, within the `FillScanInfo` and `FillCheckEventInfo` functions. In multiple locations, a 128-byte buffer (`char value[OS_SIZE_128];`) is allocated on the stack to hold the string representation of a number from a JSON event. The code checks if the number is an integer or a double. If it's a double, it uses `sprintf(value, "%lf", ...)` to perform the conversion. This `sprintf` call is unbounded. If a floating-point number with a large exponent (e.g., `1.0e150`) is provided, `sprintf` will attempt to write its full string representation (a "1" followed by 150 zeros), which is larger than the 128-byte buffer, corrupting the stack. Version 4.14.3 patches the issue. | |||||
| CVE-2026-25781 | 2026-06-17 | N/A | 8.4 HIGH | ||
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. | |||||
| CVE-2026-25634 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4. | |||||
| CVE-2026-25585 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers improper array bounds validation in the color management module, resulting in an out-of-bounds read that can lead to memory disclosure or segmentation fault from accessing memory beyond the array boundary. This issue has been patched in version 2.3.1.3. | |||||
| CVE-2026-25584 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3. | |||||
| CVE-2026-25583 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3. | |||||
| CVE-2026-25582 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3. | |||||
| CVE-2026-25569 | 1 Siemens | 1 Sicam Siapp Sdk | 2026-06-17 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution. | |||||
| CVE-2026-25502 | 1 Color | 1 Iccdev | 2026-06-17 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2026-25266 | 1 Qualcomm | 48 Cologne, Cologne Firmware, Fastconnect 6900 and 45 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Memory corruption while processing IOCTL command when device is in power-save state. | |||||
| CVE-2026-25259 | 1 Qualcomm | 84 Cologne, Cologne Firmware, Fastconnect 6700 and 81 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption while processing multiple IOCTL command for escape operations. | |||||
| CVE-2026-25207 | 1 Samsung | 1 Escargot | 2026-06-17 | N/A | 7.4 HIGH |
| Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | |||||
| CVE-2026-25061 | 2 Debian, Digitalcorpora | 2 Debian Linux, Tcpflow | 2026-06-17 | N/A | 7.5 HIGH |
| tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small and DoS is the likely impact; code execution is potential, but still up in the air. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of time of publication, no known patches are available. | |||||
| CVE-2026-24928 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 5.8 MEDIUM |
| Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2026-24926 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 8.4 HIGH |
| Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-24925 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.3 HIGH |
| Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
