Vulnerabilities (CVE)

Filtered by CWE-787
Total 14129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-27177 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27175 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27172 1 Adobe 1 Substance 3d Designer 2026-06-17 N/A 7.8 HIGH
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27171 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27169 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2026-06-17 N/A 7.8 HIGH
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27168 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2026-06-17 N/A 7.8 HIGH
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27166 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2026-06-17 N/A 7.8 HIGH
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27132 1 Openatom 1 Openharmony 2026-06-17 N/A 3.8 LOW
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
CVE-2025-27105 1 Vyperlang 1 Vyper 2026-06-17 N/A 9.1 CRITICAL
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-27091 1 Cisco 1 Openh264 2026-06-17 N/A 7.5 HIGH
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### For more information If you have any questions or comments about this advisory: * [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues) * Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com)) ### Credits: * **Research:** Octavian Guzu and Andrew Calvano of Meta * **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta * **Fix implementation:** Benzheng Zhang (@BenzhengZhang) * **Release engineering:** Benzheng Zhang (@BenzhengZhang)
CVE-2025-27070 1 Qualcomm 350 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 347 more 2026-06-17 N/A 7.8 HIGH
Memory corruption while performing encryption and decryption commands.
CVE-2025-27061 1 Qualcomm 688 315 5g Iot, 315 5g Iot Firmware, Aqt1000 and 685 more 2026-06-17 N/A 7.8 HIGH
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.
CVE-2025-27054 1 Qualcomm 598 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 595 more 2026-06-17 N/A 7.8 HIGH
Memory corruption while processing a malformed license file during reboot.
CVE-2025-27044 1 Qualcomm 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more 2026-06-17 N/A 7.8 HIGH
Memory corruption while executing timestamp video decode command with large input values.
CVE-2025-26785 1 Samsung 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.
CVE-2025-26784 1 Samsung 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more 2026-06-17 N/A 6.5 MEDIUM
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.
CVE-2025-26519 1 Musl-libc 1 Musl 2026-06-17 N/A 8.1 HIGH
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
CVE-2025-26508 1 Hp 593 115p9aw, 115q0aw, 17f27aw and 590 more 2026-06-17 N/A 9.8 CRITICAL
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
CVE-2025-26479 1 Dell 1 Powerscale Onefs 2026-06-17 N/A 3.1 LOW
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.
CVE-2025-26403 2026-06-17 N/A 7.2 HIGH
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.