Total: 760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21272 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Windows COM Server Information Disclosure Vulnerability | |||||
| CVE-2025-21220 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2025-20638 | 2 Google, Mediatek | 44 Android, Mt6739, Mt6761 and 41 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066. | |||||
| CVE-2025-1942 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136. | |||||
| CVE-2025-1650 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2026-06-17 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-1649 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2026-06-17 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-1427 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2026-06-17 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-15281 | 1 Gnu | 1 Glibc | 2026-06-17 | N/A | 7.5 HIGH |
| Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | |||||
| CVE-2025-12736 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 6.5 MEDIUM |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a sensitive information leak through use of an uninitialized resource. | |||||
| CVE-2025-12474 | 1 Libjxl Project | 1 Libjxl | 2026-06-17 | N/A | 4.4 MEDIUM |
| A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in subsequent patches. An incorrect optimization causes the decoder to omit populating those areas. | |||||
| CVE-2024-9717 | 1 Trimble | 1 Sketchup Viewer | 2026-06-17 | N/A | 7.8 HIGH |
| Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24101. | |||||
| CVE-2024-8896 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2026-06-17 | N/A | 7.8 HIGH |
| A maliciously crafted DXF file, when parsed in acdb25.dll through Autodesk AutoCAD, can force access to a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-8842 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2026-06-17 | N/A | 7.8 HIGH |
| PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24481. | |||||
| CVE-2024-8654 | 1 Mongodb | 1 Mongodb | 2026-06-17 | N/A | 5.0 MEDIUM |
| MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3. | |||||
| CVE-2024-8178 | 1 Freebsd | 1 Freebsd | 2026-06-17 | N/A | 8.8 HIGH |
| The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | |||||
| CVE-2024-7868 | 1 Xpdfreader | 1 Xpdf | 2026-06-17 | N/A | 8.2 HIGH |
| In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | |||||
| CVE-2024-7542 | 1 Ofono Project | 1 Ofono | 2026-06-17 | N/A | 3.3 LOW |
| oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGR commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23309. | |||||
| CVE-2024-7541 | 1 Ofono Project | 1 Ofono | 2026-06-17 | N/A | 3.3 LOW |
| oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMT commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23308. | |||||
| CVE-2024-7540 | 1 Ofono Project | 1 Ofono | 2026-06-17 | N/A | 3.3 LOW |
| oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMGL commands. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23307. | |||||
| CVE-2024-7526 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-06-17 | N/A | 6.5 MEDIUM |
| ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
