Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1285

CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

Parent: CWE-20 - Improper Input Validation

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

49 vulnerabilities with CWE-1285

CVE-2026-8036 HIGH

NI-PAL Through 26.3.0 - Local Privilege Escalation via Memory Access

CVE-2026-45352 MEDIUM

cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

CVE-2026-9100 MEDIUM

Heap memory out of bounds read and crash in C Driver legacy GridFS file reader

CVE-2026-33557 CRITICAL

Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

CVE-2026-20440 MEDIUM

MAE - Privilege Escalation

CVE-2026-20413 MEDIUM

Android MediaTek imgsys - Local Privilege Escalation via Out-of-Bounds Write

CVE-2025-2399 MEDIUM

Mitsubishi Electric CNC M800V/M80V/M800/M80/E80/C80/M700V/M70V/E70 and NC Trainer2 - DoS via TCP Port 683

CVE-2025-20796 HIGH

Android MediaTek imgsys - Local Privilege Escalation via Out-of-Bounds Write

CVE-2025-48511 MEDIUM

AMD uProf < 5.0.1174, < 5.0.1223, < 5.0.1479 - Denial of Service via Arbitrary Physical Address Write

CVE-2025-48502 MEDIUM

AMD uProf < 5.0.1174, < 5.0.1223, < 5.0.1479 - Denial of Service via MSR Register Overwrite

CVE-2025-55086 CRITICAL

Eclipse ThreadX NetX Duo < 6.4.4.202503 - Out-of-bounds Read in DHCPV6 Client

CVE-2025-55087 HIGH

NextX Duo <6.4.4 - Memory Corruption

CVE-2025-8291 MEDIUM

CPython <3.9.24, 3.10.0-3.10.18, 3.11.0-3.11.13, 3.12.0-3.12.11, 3.13.0-3.13.9, 3.14.0 - ZIP64 EOCD Validation Bypass

CVE-2025-9189 HIGH

Digilent DASYLab - Out-of-Bounds Write via DSB File Parsing

CVE-2025-57778 HIGH

Digilent DASYLab - Out-of-Bounds Write via DSB File Parsing

CVE-2025-57777 HIGH

Digilent DASYLab - Out-of-Bounds Write in displ2.dll via Crafted DSB File

CVE-2025-57776 HIGH

Digilent DASYLab - Out-of-Bounds Write via DSB File Parsing

CVE-2025-57775 HIGH

Digilent DASYLab - Heap-based Buffer Overflow via DSB File Parsing

CVE-2025-57774 HIGH

Digilent DASYLab - Out-of-Bounds Write via DSB File Parsing

CVE-2025-7849 HIGH

NI LabVIEW <2025 Q1 - Memory Corruption

CVE-2025-7848 HIGH

NI LabVIEW <2025 Q1 - Memory Corruption

CVE-2025-2634 HIGH

NI LabVIEW <2025 Q1 - RCE/Info Disclosure

CVE-2025-2633 HIGH

NI LabVIEW <2025 Q1 - Code Injection

CVE-2025-3755 CRITICAL

Mitsubishi Electric Corporation MELSEC iQ-F Series - DoS

CVE-2025-3357 CRITICAL

IBM Tivoli Monitoring <6.3.0.7-SP19 - RCE

Page 1 of 2 Next

Details

Vulnerabilities 49

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy