Total
14182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53367 | 2026-04-15 | N/A | ||
| DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29. | ||||
| CVE-2024-8894 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | ||||
| CVE-2024-12668 | 2026-04-15 | 8.2 High | ||
| Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers. | ||||
| CVE-2024-45774 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 6.7 Medium |
| A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded. | ||||
| CVE-2024-45776 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 6.7 Medium |
| When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. | ||||
| CVE-2024-45320 | 2026-04-15 | N/A | ||
| Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2024-7137 | 2026-04-15 | 6.5 Medium | ||
| The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. | ||||
| CVE-2024-39840 | 1 Factorio | 1 Factorio | 2026-04-15 | 8.8 High |
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | ||||
| CVE-2025-0236 | 2026-04-15 | 5.3 Medium | ||
| Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver. | ||||
| CVE-2024-36274 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-0010 | 1 Amd | 10 Athlon, Graphics Driver, Instinct Mi200 and 7 more | 2026-04-15 | 6.1 Medium |
| An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2024-55412 | 2026-04-15 | 7.8 High | ||
| A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | ||||
| CVE-2024-7695 | 2026-04-15 | 7.5 High | ||
| Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. | ||||
| CVE-2025-0690 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 6.1 Medium |
| The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. | ||||
| CVE-2024-4467 | 1 Redhat | 7 Advanced Virtualization, Container Native Virtualization, Enterprise Linux and 4 more | 2026-04-15 | 7.8 High |
| A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | ||||
| CVE-2024-33008 | 2026-04-15 | 4.9 Medium | ||
| SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system. | ||||
| CVE-2024-32669 | 1 Samsung Open Source | 1 Escargot | 2026-04-15 | 5.3 Medium |
| Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. | ||||
| CVE-2026-27664 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-04-14 | 7.5 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition. | ||||
| CVE-2026-4685 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-14 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||
| CVE-2026-4686 | 1 Mozilla | 2 Firefox, Firefox Esr | 2026-04-14 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||||