CWE-125 · Out-of-bounds Read

8903 CVEs classified under CWE-125 (Out-of-bounds Read). Browse by severity and year.

Top CVEs for CWE-125
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-22004 | Critical | 10.0 | 2024-04-05 | Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Tr… |
| CVE-2021-41556 | Critical | 10.0 | 2022-07-28 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim e… |
| CVE-2021-21777 | Critical | 10.0 | 2021-06-17 | An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A spe… |
| CVE-2017-14451 | Critical | 10.0 | 2020-12-02 | An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause… |
| CVE-2026-33642 | Critical | 9.9 | 2026-05-19 | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validatio… |
| CVE-2026-34987 | Critical | 9.9 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may al… |
| CVE-2023-28445 | Critical | 9.9 | 2023-03-24 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk duri… |
| CVE-2023-26489 | Critical | 9.9 | 2023-03-08 | wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mod… |
| CVE-2025-15646 | Critical | 9.8 | 2026-07-01 | HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element was added to libgumbo 0.10.0 in 2015, bu… |
| CVE-2026-14090 | Critical | 9.8 | 2026-06-30 | Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of… |
| CVE-2026-29013 | Critical | 9.8 | 2026-04-17 | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely… |
| CVE-2026-5735 | Critical | 9.8 | 2026-04-07 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough… |
| CVE-2026-31405 | Critical | 9.8 | 2026-04-06 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handl… |
| CVE-2026-33669 | Critical | 9.8 | 2026-03-26 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/bl… |
| CVE-2026-3055 | Critical | 9.8 | 2026-03-23 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread |
| CVE-2026-2771 | Critical | 9.8 | 2026-02-24 | Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and… |
| CVE-2026-3062 | Critical | 9.8 | 2026-02-23 | Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a cra… |
| CVE-2026-24811 | Critical | 9.8 | 2026-01-27 | Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. |
| CVE-2026-22984 | Critical | 9.8 | 2026-01-23 | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit… |
| CVE-2025-69992 | Critical | 9.8 | 2026-01-13 | phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identit… |