Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21334 1Adobe 1Substance 3d Designer Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21328 1Adobe 1After Effects Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...Show more After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21327 1Adobe 1After Effects Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...Show more After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21318 1Adobe 1After Effects Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...Show more After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21312 1Adobe 1Audition Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...Show more Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21259 1Microsoft 5365 Apps ExcelOffice+2 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-21248 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21246 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21245 1Microsoft 3Windows 11 24h2 Windows 11 25h2Windows Server 2025 Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21244 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21239 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21236 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-32008 - - Feb 10, 2026 Feb 10, 2026 8.7 HIGH· v4 8.6 HIGH· v3 N/A· v2 Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a...Show more Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (low) impacts.Show less
CVE-2025-27243 1Intel 1Ethernet Controller Mar 17, 2026 Feb 10, 2026 6.7 MEDIUM· v4 4.4 MEDIUM· v3 N/A· v2 Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user co...Show more Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.Show less
CVE-2026-23715 1Siemens 2Simcenter Femap Simcenter Nastran Feb 11, 2026 Feb 10, 2026 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially cra...Show more A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2026-2259 1Strlen 1Lobster Apr 29, 2026 Feb 10, 2026 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation...Show more A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue.Show less
CVE-2026-24320 1Sap 3Netweaver As Abap Kernel Netweaver As Abap Krnl64nucNetweaver As Abap Krnl64uc Feb 17, 2026 Feb 10, 2026 N/A· v4 3.1 LOW· v3 N/A· v2 Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing...Show more Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.Show less
CVE-2026-2258 1Strlen 1Lobster Apr 29, 2026 Feb 10, 2026 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. T...Show more A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.Show less
CVE-2026-25634 1Color 1Iccdev Feb 19, 2026 Feb 6, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiP...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.Show less
CVE-2026-2017 1Ip Com 1W30ap Firmware Feb 17, 2026 Feb 6, 2026 8.9 HIGH· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the a...Show more A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...353637...704 Next