Total
2751 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2912 | 1 Hdfgroup | 1 Hdf5 | 2026-01-23 | 3.3 Low |
| A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6270 | 1 Hdfgroup | 1 Hdf5 | 2026-01-23 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-15059 | 1 Gimp | 1 Gimp | 2026-01-23 | N/A |
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232. | ||||
| CVE-2026-20957 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-01-23 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20868 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-23 | 8.8 High |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-20922 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-23 | 7.8 High |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2026-20876 | 1 Microsoft | 9 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 6 more | 2026-01-23 | 6.7 Medium |
| Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20864 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-01-23 | 7.8 High |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20840 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-23 | 7.8 High |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2026-20837 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-01-23 | 7.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20820 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-23 | 7.8 High |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20809 | 1 Microsoft | 20 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 17 more | 2026-01-23 | 7.8 High |
| Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-70302 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-70303 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||||
| CVE-2025-70310 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file. | ||||
| CVE-2026-0793 | 1 Algo | 1 8180 Ip Audio Alerter | 2026-01-23 | N/A |
| ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302. | ||||
| CVE-2026-0822 | 1 Quickjs-ng | 1 Quickjs | 2026-01-22 | 6.3 Medium |
| A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2025-9458 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-01-22 | 7.8 High |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-9457 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2026-01-22 | 7.8 High |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-32990 | 2 Gnu, Redhat | 9 Gnutls, Ceph Storage, Discovery and 6 more | 2026-01-22 | 6.5 Medium |
| A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | ||||