Total
8275 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23145 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-08-26 | 7.8 High |
| A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-23140 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2025-08-26 | 7.8 High |
| A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-52461 | 2 Libbiosig Project, The Biosig Project | 2 Libbiosig, Libbiosig | 2025-08-26 | 8.2 High |
| An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-21143 | 1 Oracle | 1 Istore | 2025-08-26 | 5.3 Medium |
| Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-21145 | 3 Netapp, Oracle, Redhat | 15 Bluexp, Cloud Insights Storage Workload Security Agent, Oncommand Insight and 12 more | 2025-08-26 | 4.8 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2024-8589 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8588 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-7670 | 1 Autodesk | 4 Navisworks, Navisworks Freedom, Navisworks Manage and 1 more | 2025-08-26 | 7.8 High |
| A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-53014 | 1 Imagemagick | 1 Imagemagick | 2025-08-26 | 3.7 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
| CVE-2024-11268 | 1 Autodesk | 1 Revit | 2025-08-26 | 5.5 Medium |
| A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak. | ||||
| CVE-2025-20001 | 1 High-logic | 1 Fontcreator | 2025-08-26 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. | ||||
| CVE-2025-49696 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-08-23 | 8.4 High |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49681 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-23 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-48822 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 8.6 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-48816 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.8 High |
| Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48002 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-08-23 | 5.7 Medium |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. | ||||
| CVE-2025-47996 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47978 | 1 Microsoft | 3 Windows Server 2022, Windows Server 2022 23h2, Windows Server 2025 | 2025-08-23 | 6.5 Medium |
| Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-48812 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-23 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-49689 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.8 High |
| Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||||