Total
2655 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65018 | 1 Libpng | 1 Libpng | 2025-11-26 | 7.1 High |
| LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. | ||||
| CVE-2025-64693 | 2 Intercom, Microsoft | 2 Malion, Windows | 2025-11-26 | N/A |
| Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege. | ||||
| CVE-2025-62201 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2025-11-25 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-60724 | 1 Microsoft | 31 Graphics Component, Office, Office For Mac and 28 more | 2025-11-25 | 9.8 Critical |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-60715 | 1 Microsoft | 28 Remote, Windows, Windows 10 and 25 more | 2025-11-25 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-60714 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1607 and 19 more | 2025-11-25 | 7.8 High |
| Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62452 | 1 Microsoft | 26 Windows, Windows 10, Windows 10 1607 and 23 more | 2025-11-25 | 8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-62220 | 1 Microsoft | 3 Windows, Windows Subsystem For Linux, Windows Subsystem For Linux Gui | 2025-11-25 | 8.8 High |
| Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-59504 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-11-25 | 7.3 High |
| Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-65085 | 2025-11-25 | N/A | ||
| A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code. | ||||
| CVE-2025-2584 | 1 Webassembly | 1 Wabt | 2025-11-25 | 5 Medium |
| A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2015-0815 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-11-25 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2017-7810 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-11-25 | N/A |
| Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2018-5146 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-11-25 | N/A |
| An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | ||||
| CVE-2025-11458 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-25 | 8.1 High |
| Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 3 Libtiff, Discovery, Enterprise Linux | 2025-11-24 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2025-64524 | 1 Openprinting | 1 Libcupsfilters | 2025-11-24 | 3.3 Low |
| cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c. | ||||
| CVE-2025-62608 | 1 Ml-explore | 1 Mlx | 2025-11-24 | 6.5 Medium |
| MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-22 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59191 | 1 Microsoft | 23 Connected Devices Platform Service, Windows, Windows 10 and 20 more | 2025-11-22 | 7.8 High |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||