CVE & Exploit Intelligence Database

CVE-2025-59600 7.8 HIGH EPSS 0.00

Memory Corruption when adding user-supplied data without checking available buffer space.

CWE-126 Mar 02, 2026

CVE-2026-28364 7.9 HIGH 1 Writeup EPSS 0.00

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

CWE-126 Feb 27, 2026

CVE-2026-27799 4.0 MEDIUM 1 Writeup EPSS 0.00

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CWE-122 Feb 26, 2026

CVE-2026-27798 4.0 MEDIUM 1 Writeup EPSS 0.00

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CWE-125 Feb 26, 2026

CVE-2026-26271 5.3 MEDIUM 1 Writeup EPSS 0.00

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue.

CWE-126 Feb 25, 2026

CVE-2026-3203 5.5 MEDIUM EPSS 0.00

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

CWE-126 Feb 25, 2026

CVE-2026-26282 6.6 MEDIUM EPSS 0.00

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue.

CWE-126 Feb 19, 2026

CVE-2026-25646 8.1 HIGH 1 Writeup EPSS 0.00

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

CWE-126 Feb 10, 2026

CVE-2026-20846 7.5 HIGH EPSS 0.00

Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CWE-126 Feb 10, 2026

CVE-2025-47402 6.5 MEDIUM EPSS 0.00

Transient DOS when processing a received frame with an excessively large authentication information element.

CWE-126 Feb 02, 2026

CVE-2025-66692 7.5 HIGH 1 Writeup EPSS 0.00

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.

CWE-126 Jan 20, 2026

CVE-2025-60003 7.5 HIGH EPSS 0.00

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring: [ protocols bgp ... disable-4byte-as ] Established BGP sessions can be checked by executing: show bgp neighbor <IP address> | match "4 byte AS" This issue affects: Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved:  * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

CWE-126 Jan 15, 2026

CVE-2025-47395 6.5 MEDIUM EPSS 0.00

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.

CWE-126 Jan 07, 2026

CVE-2025-47331 6.1 MEDIUM EPSS 0.00

Information disclosure while processing a firmware event.

CWE-126 Jan 07, 2026

CVE-2025-47330 5.5 MEDIUM EPSS 0.00

Transient DOS while parsing video packets received from the video firmware.

CWE-126 Jan 07, 2026

CVE-2025-11961 1.9 LOW 1 Writeup EPSS 0.00

pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

CWE-126 Dec 31, 2025

CVE-2025-62560 7.8 HIGH EPSS 0.00

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CWE-822 Dec 09, 2025

CVE-2025-62473 6.5 MEDIUM EPSS 0.00

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CWE-126 Dec 09, 2025

CVE-2025-62467 7.8 HIGH EPSS 0.00

Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CWE-190 Dec 09, 2025

CVE-2025-62464 7.8 HIGH EPSS 0.00

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

CWE-126 Dec 09, 2025