ReportizFlow
Filtered by vendor
Subscriptions
Total
9142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3606 | 2 Ettercap, Ettercap-project | 2 Ettercap, Ettercap | 2026-04-16 | 3.3 Low |
| A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-3663 | 1 Xlnt-community | 1 Xlnt | 2026-04-16 | 3.3 Low |
| A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-3664 | 1 Xlnt-community | 1 Xlnt | 2026-04-16 | 3.3 Low |
| A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue. | ||||
| CVE-2026-28692 | 1 Imagemagick | 1 Imagemagick | 2026-04-16 | 4.8 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | ||||
| CVE-2026-28693 | 1 Imagemagick | 1 Imagemagick | 2026-04-16 | 8.1 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | ||||
| CVE-2026-30935 | 1 Imagemagick | 1 Imagemagick | 2026-04-16 | 4.4 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16. | ||||
| CVE-2026-30986 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-16 | 5.5 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5. | ||||
| CVE-2026-21365 | 1 Adobe | 1 Substance 3d Painter | 2026-04-16 | 5.5 Medium |
| Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27219 | 1 Adobe | 1 Substance 3d Painter | 2026-04-16 | 5.5 Medium |
| Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27268 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-04-16 | 5.5 Medium |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-5437 | 2 Orthanc, Orthanc-server | 2 Dicom Server, Orthanc | 2026-04-16 | 7.5 High |
| An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic. | ||||
| CVE-2026-20828 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 4.6 Medium |
| Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack. | ||||
| CVE-2026-20835 | 1 Microsoft | 7 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 4 more | 2026-04-16 | 5.5 Medium |
| Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-20944 | 1 Microsoft | 4 365 Apps, Office Long Term Servicing Channel, Office Macos 2021 and 1 more | 2026-04-16 | 8.4 High |
| Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20936 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 4.3 Medium |
| Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. | ||||
| CVE-2026-1485 | 1 Redhat | 1 Enterprise Linux | 2026-04-16 | 2.8 Low |
| A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability. | ||||
| CVE-2026-20420 | 1 Mediatek | 40 Mt2735, Mt2737, Mt6813 and 37 more | 2026-04-16 | 6.5 Medium |
| In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935. | ||||
| CVE-2026-20421 | 1 Mediatek | 16 Mt2735, Mt6833, Mt6853 and 13 more | 2026-04-16 | 6.5 Medium |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922. | ||||
| CVE-2026-20611 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-16 | 7.8 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2026-2443 | 3 Gnome, Red Hat, Redhat | 3 Libsoup, Enterprise Linux, Enterprise Linux | 2026-04-16 | 5.3 Medium |
| A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component. | ||||