Total
13143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58150 | 1 Xen | 1 Xen | 2026-02-09 | N/A | 8.8 HIGH |
| Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. | |||||
| CVE-2026-24857 | 1 Simsong | 1 Bulk Extractor | 2026-02-09 | N/A | 9.8 CRITICAL |
| `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpack::CopyString`, leading to a crash under ASAN (and likely a crash or memory corruption in production builds). There's potential for using this for RCE. As of time of publication, no known patches are available. | |||||
| CVE-2021-47785 | 1 Ethersoftware | 1 Ether Mp3 Cd Burner | 2026-02-09 | N/A | 9.8 CRITICAL |
| Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation. | |||||
| CVE-2021-47786 | 1 Redragon | 28 Bm-4091, Bm-4091 Firmware, M602-ks and 25 more | 2026-02-09 | N/A | 7.5 HIGH |
| Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver. | |||||
| CVE-2025-6021 | 2 Redhat, Xmlsoft | 20 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 17 more | 2026-02-06 | N/A | 7.5 HIGH |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | |||||
| CVE-2025-15537 | 1 Mapnik | 1 Mapnik | 2026-02-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-15536 | 1 Byvoid | 1 Open Chinese Convert | 2026-02-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-68670 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2026-02-06 | N/A | 9.1 CRITICAL |
| xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems. | |||||
| CVE-2025-68119 | 1 Golang | 1 Go | 2026-02-06 | N/A | 7.0 HIGH |
| Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths. | |||||
| CVE-2026-0537 | 1 Autodesk | 1 3ds Max | 2026-02-06 | N/A | 7.8 HIGH |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2026-0538 | 1 Autodesk | 1 3ds Max | 2026-02-06 | N/A | 7.8 HIGH |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2026-0661 | 1 Autodesk | 1 3ds Max | 2026-02-06 | N/A | 7.8 HIGH |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2026-0536 | 1 Autodesk | 1 3ds Max | 2026-02-05 | N/A | 7.8 HIGH |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2020-37140 | 2026-02-05 | N/A | 5.5 MEDIUM | ||
| Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash. | |||||
| CVE-2026-1301 | 2026-02-05 | N/A | N/A | ||
| In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory. | |||||
| CVE-2026-24832 | 1 Ixray-team | 1 Ix-ray Engine 1.6 | 2026-02-05 | N/A | 9.8 CRITICAL |
| Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | |||||
| CVE-2025-20943 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.4 MEDIUM |
| Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. | |||||
| CVE-2024-42642 | 1 Crucial | 6 Ct1000mx500ssd1, Ct2000mx500ssd1, Ct250mx500ssd1 and 3 more | 2026-02-05 | N/A | 6.7 MEDIUM |
| Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page. | |||||
| CVE-2026-0659 | 2026-02-05 | N/A | 7.8 HIGH | ||
| A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2026-25583 | 2026-02-05 | N/A | 7.8 HIGH | ||
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3. | |||||