Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,087)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-60015 1F5 2F5os A F5os C Oct 22, 2025 Oct 15, 2025 6.9 MEDIUM· v4 5.7 MEDIUM· v3 N/A· v2 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-58096 1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 more Oct 21, 2025 Oct 15, 2025 8.2 HIGH· v4 7.5 HIGH· v3 N/A· v2 When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software ver...Show more When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2025-55036 1F5 1Big Ip Ssl Orchestrator Oct 21, 2025 Oct 15, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached...Show more When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2025-54479 1F5 3Big Ip Next Cloud Native Network Functions Big Ip Next For KubernetesBig Ip Policy Enforcement Manager Oct 21, 2025 Oct 15, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have...Show more When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2025-54284 1Adobe 1Illustrator Oct 16, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...Show more Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54283 1Adobe 1Illustrator Oct 16, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...Show more Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54280 1Adobe 1Substance 3d Viewer Oct 14, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54275 1Adobe 1Substance 3d Viewer Oct 14, 2025 Oct 14, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the applicati...Show more Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54273 1Adobe 1Substance 3d Viewer Oct 14, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-22833 1Ami 1Aptio V Oct 22, 2025 Oct 14, 2025 4.6 MEDIUM· v4 7.3 HIGH· v3 N/A· v2 APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution.
CVE-2025-22832 1Ami 1Aptio V Apr 29, 2026 Oct 14, 2025 5.9 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
CVE-2025-22831 1Ami 1Aptio V Apr 29, 2026 Oct 14, 2025 5.9 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.
CVE-2025-9178 - - Oct 14, 2025 Oct 14, 2025 7.7 HIGH· v4 N/A· v3 N/A· v2 A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1...Show more A denial-of-service security issue exists in the affected product and version. The security issue is caused through CIP communication using crafted payloads. The security issue could result in no CIP communication with 1715 EtherNet/IP Adapter.A restart is required to recover.Show less
CVE-2025-11714 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Oct 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...Show more Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.Show less
CVE-2025-11709 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Oct 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140...Show more A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.Show less
CVE-2025-40810 1Siemens 2Solid Edge Se2024 Solid Edge Se2025 Oct 16, 2025 Oct 14, 2025 7.3 HIGH· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability whil...Show more A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.Show less
CVE-2025-40809 1Siemens 2Solid Edge Se2024 Solid Edge Se2025 Oct 16, 2025 Oct 14, 2025 7.3 HIGH· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability whil...Show more A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.Show less
CVE-2025-20723 1Google 1Android Oct 15, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction...Show more In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.Show less
CVE-2025-20721 2Google Mediatek 2Android Iot Yocto Oct 15, 2025 Oct 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is no...Show more In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.Show less
CVE-2025-20720 2Mediatek Openwrt 2Openwrt Software Development Kit Oct 15, 2025 Oct 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User inte...Show more In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.Show less

Previous 1...555657...705 Next