CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,960 vulnerabilities with CWE-119
CVE-2025-13446 HIGH
Tenda AC21 16.03.08.16 - Stack-Based Buffer Overflow via timeZone/time Parameter
CVSS 8.8
CVE-2025-13445 HIGH
Tenda AC21 16.03.08.16 - Stack-based Buffer Overflow via SetIpMacBind Argument
CVSS 8.8
CVE-2025-13400 HIGH
Tenda CH22 1.0.0.1 - Buffer Overflow via chkHz Argument in WrlExtraGet Function
CVSS 8.8
CVE-2025-13305 HIGH
D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K, and DIR-825M 1.01.07 - Buffer Overflow via Traceroute Host Parameter
CVSS 8.8
CVE-2025-13304 HIGH
D-Link DWR-M920/M921/M960/M961 & DIR-825M 1.01.07/1.1.47 - Buffer Overflow via Ping Host Argument
CVSS 8.8
CVE-2025-13288 HIGH
Tenda CH22 1.0.0.1 - Buffer Overflow via PPTPUserSetting delno Parameter
CVSS 8.8
CVE-2025-13258 HIGH
Tenda AC20 <= 16.03.08.12 - Buffer Overflow via WifiExtraSet wpapsk_crypto Argument
CVSS 8.8
CVE-2025-13191 HIGH
D-Link DIR-816L 2_06_b09_beta - Stack-Based Buffer Overflow in soapcgi_main
CVSS 8.8
CVE-2025-13190 HIGH
D-Link DIR-816L 2_06_b09_beta - Stack-Based Buffer Overflow via scandir_main Function
CVSS 8.8
CVE-2025-13189 HIGH
D-Link DIR-816L 2_06_b09_beta - Stack-Based Buffer Overflow via SERVER_ID/HTTP_SID Argument
CVSS 8.8
CVE-2025-13188 CRITICAL
D-Link DIR-816L 2_06_b09_beta - Stack-Based Buffer Overflow via Password Parameter in authenticationcgi_main
CVSS 9.8
CVE-2025-13120 MEDIUM
mruby < 3.4.0 - Use-After-Free in sort_cmp Function
CVSS 5.3
CVE-2025-13027 HIGH
Firefox < 145 - Memory Corruption
CVSS 8.1
CVE-2025-12875 MEDIUM
mruby 3.4.0 - Out-of-Bounds Write in ary_fill_exec Function
CVSS 5.3
CVE-2025-9338 HIGH
ASUS Armoury Crate - Local Privilege Escalation via AsIO3.sys Driver Buffer Overflow
CVE-2025-12745 MEDIUM
QuickJS <eb2c89087def1829ed99630cb14b549d7a98408c - Buffer Over-read
CVSS 5.3
CVE-2025-43504 MEDIUM
Xcode < 26.1 - Denial of Service via Buffer Overflow
CVSS 4.9
CVE-2025-43447 MEDIUM
iPadOS < 26.1 - Memory Corruption and Denial of Service
CVSS 5.5
CVE-2025-43441 MEDIUM
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 4.3
CVE-2025-43435 MEDIUM
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 4.3
CVE-2025-43433 HIGH
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 8.8
CVE-2025-43431 HIGH
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 8.8
CVE-2025-43429 MEDIUM
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 4.3
CVE-2025-43425 MEDIUM
Safari < 26.1 - Memory Corruption via Malicious Web Content
CVSS 4.3
CVE-2025-43424 MEDIUM
iPadOS < 26.1 - Denial of Service via Malicious HID Device
CVSS 6.5
Details
Vulnerabilities 13,960
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits