CWE-125 · Out-of-bounds Read
8903 CVEs classified under CWE-125 (Out-of-bounds Read). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22004 | Critical | 10.0 | 2024-04-05 | Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Tr… |
CVE-2021-41556 | Critical | 10.0 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim e… |
CVE-2021-21777 | Critical | 10.0 | 2021-06-17 | An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A spe… |
CVE-2017-14451 | Critical | 10.0 | 2020-12-02 | An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause… |
CVE-2026-33642 | Critical | 9.9 | 2026-05-19 | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validatio… |
CVE-2026-34987 | Critical | 9.9 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may al… |
CVE-2023-28445 | Critical | 9.9 | 2023-03-24 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk duri… |
CVE-2023-26489 | Critical | 9.9 | 2023-03-08 | wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mod… |
CVE-2025-15646 | Critical | 9.8 | 2026-07-01 | HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element was added to libgumbo 0.10.0 in 2015, bu… |
CVE-2026-14090 | Critical | 9.8 | 2026-06-30 | Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of… |
CVE-2026-29013 | Critical | 9.8 | 2026-04-17 | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely… |
CVE-2026-5735 | Critical | 9.8 | 2026-04-07 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough… |
CVE-2026-31405 | Critical | 9.8 | 2026-04-06 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handl… |
CVE-2026-33669 | Critical | 9.8 | 2026-03-26 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/bl… |
CVE-2026-3055 | Critical | 9.8 | 2026-03-23 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread |
CVE-2026-2771 | Critical | 9.8 | 2026-02-24 | Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and… |
CVE-2026-3062 | Critical | 9.8 | 2026-02-23 | Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a cra… |
CVE-2026-24811 | Critical | 9.8 | 2026-01-27 | Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. |
CVE-2026-22984 | Critical | 9.8 | 2026-01-23 | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit… |
CVE-2025-69992 | Critical | 9.8 | 2026-01-13 | phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identit… |