ReportizFlow
Filtered by vendor
Subscriptions
Total
460 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8091 | 1 Mozilla | 1 Firefox | 2026-05-07 | N/A |
| Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2. | ||||
| CVE-2025-47401 | 1 Qualcomm | 491 Ar8035, Ar8035 Firmware, Cologne and 488 more | 2026-05-06 | 6.5 Medium |
| Transient DOS when processing target power rate tables during channel configuration. | ||||
| CVE-2025-47403 | 1 Qualcomm | 515 Ar8035, Ar8035 Firmware, Cologne and 512 more | 2026-05-06 | 6.5 Medium |
| Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | ||||
| CVE-2025-47406 | 1 Qualcomm | 63 Cologne, Cologne Firmware, Fastconnect 6700 and 60 more | 2026-05-06 | 6.1 Medium |
| Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | ||||
| CVE-2026-34059 | 1 Apache | 1 Http Server | 2026-05-04 | 7.5 High |
| Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-37532 | 1 Automotivelinux | 1 Agl-service-can-low-level | 2026-05-04 | 7.1 High |
| AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer. | ||||
| CVE-2026-6238 | 3 Gnu, Redhat, The Gnu C Library | 3 Glibc, Hummingbird, Glibc | 2026-05-04 | 6.5 Medium |
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | ||||
| CVE-2026-6532 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5772 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 5.3 Medium |
| A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash. | ||||
| CVE-2026-41898 | 1 Rust-openssl Project | 1 Rust-openssl | 2026-04-28 | 9.8 Critical |
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78. | ||||
| CVE-2026-26155 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-24 | 6.5 Medium |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||||
| CVE-2026-0930 | 2 Wolfssh, Wolfssl | 2 Wolfssh, Wolfssh | 2026-04-24 | 4.3 Medium |
| Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output. | ||||
| CVE-2026-26169 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-24 | 6.1 Medium |
| Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-26184 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-24 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32052 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-04-22 | 6.5 Medium |
| A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. | ||||
| CVE-2026-40341 | 1 Gphoto | 1 Libgphoto2 | 2026-04-22 | 3.5 Low |
| libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available. | ||||
| CVE-2025-62462 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-20 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62467 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-20 | 7.8 High |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62473 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-20 | 6.5 Medium |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-62461 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-20 | 7.8 High |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||||