Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-129

CWE-129

High likelihood

Improper Validation of Array Index

Parent: CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

572 vulnerabilities with CWE-129

CVE-2026-45624 MEDIUM

ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

CVE-2026-45359 MEDIUM

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

CVE-2026-24181 HIGH

Nvidia Dali - Improper Validation of Array Index

CVE-2026-25276 HIGH

Qualcomm Snapdragon Secure Processor - Strongbox Bounds Check Memory Corruption

CVE-2026-46163 HIGH

wifi: b43legacy: enforce bounds check on firmware key index in RX path

CVE-2026-45104 HIGH

MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY`

CVE-2026-46598 MEDIUM

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

CVE-2026-44310 MEDIUM

gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

CVE-2026-44222 MEDIUM

vLLM: Remote DoS via Special-Token Placeholders

CVE-2026-41643 HIGH

GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

CVE-2026-40251 MEDIUM

Incus out-of-bounds panic in snapshot metadata handling allows denial of service

CVE-2026-31776 HIGH

ALSA: ctxfi: Fix missing SPDIFI1 index handling

CVE-2026-31764 HIGH

iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only

CVE-2026-31729 HIGH

usb: typec: ucsi: validate connector number in ucsi_notify_common()

CVE-2026-40886 HIGH

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

CVE-2026-6840 MEDIUM

Samsung ONE <1.30.0 - Memory Corruption

CVE-2026-40097 LOW

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

CVE-2026-34942 MEDIUM

Wasmtime panics when transcoding misaligned utf-16 strings

CVE-2026-21413 CRITICAL

LibRaw - Heap-Based Buffer Overflow in lossless_jpeg_load_raw

CVE-2026-23448 HIGH

net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check

CVE-2026-23447 HIGH

net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check

CVE-2026-33762 LOW

go-git: Missing validation decoding Index v4 files leads to panic

CVE-2026-32286 HIGH

Denial of service in github.com/jackc/pgproto3/v2

CVE-2026-32285 HIGH

Denial of service in github.com/buger/jsonparser

CVE-2026-23354 HIGH

x86/fred: Correct speculative safety in fred_extint()

Page 1 of 23 Next

Details

Vulnerabilities 572

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy