Total
8493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57697 | 1 Astrbot | 1 Astrbot | 2025-12-05 | 6.5 Medium |
| AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage. | ||||
| CVE-2025-66624 | 2025-12-05 | 7.5 High | ||
| BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable. | ||||
| CVE-2025-14104 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-12-05 | 6.1 Medium |
| A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | ||||
| CVE-2025-5318 | 2 Libssh, Redhat | 10 Libssh, Enterprise Linux, Openshift and 7 more | 2025-12-05 | 5.4 Medium |
| A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. | ||||
| CVE-2025-58476 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.2 Medium |
| Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory. | ||||
| CVE-2025-58479 | 1 Samsung | 2 Android, Mobile Devices | 2025-12-05 | 4.3 Medium |
| Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
| CVE-2017-13037 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-05 | 9.8 Critical |
| The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | ||||
| CVE-2017-13027 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-05 | 9.8 Critical |
| The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). | ||||
| CVE-2012-1571 | 3 Christos Zoulas, Redhat, Tim Robbins | 3 File, Enterprise Linux, Libmagic | 2025-12-04 | 6.5 Medium |
| file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | ||||
| CVE-2024-27094 | 1 Openzeppelin | 3 Contracts, Contracts Upgradeable, Openzeppelin Contracts | 2025-12-04 | 6.5 Medium |
| OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. | ||||
| CVE-2023-53238 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM. In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNO_PHY_PORT_NUM) which indicates that INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop. This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next iteration through the loop | ||||
| CVE-2025-58113 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-12-04 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-20768 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-12-04 | 7.8 High |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805. | ||||
| CVE-2025-66293 | 1 Libpng | 1 Libpng | 2025-12-04 | 7.1 High |
| LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. | ||||
| CVE-2017-13035 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | ||||
| CVE-2017-13034 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | ||||
| CVE-2017-13031 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | ||||
| CVE-2017-13028 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | ||||
| CVE-2017-13025 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2017-13024 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-12-04 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||