CWE-129 · Improper Validation of Array Index

580 CVEs classified under CWE-129 (Improper Validation of Array Index). Browse by severity and year.

Top CVEs for CWE-129
CVESeverityScorePublishedSummary
CVE-2020-27485Critical9.92020-11-16Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the a…
CVE-2020-27483Critical9.92020-11-16Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the a…
CVE-2026-21413Critical9.82026-04-07A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted…
CVE-2025-27034Critical9.82025-09-24Memory corruption while selecting the PLMN from SOR failed list.
CVE-2025-57052Critical9.82025-09-03cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass a…
CVE-2025-3357Critical9.82025-05-28IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index va…
CVE-2024-45569Critical9.82025-02-03Memory corruption while parsing the ML IE due to invalid frame content.
CVE-2024-38623Critical9.82024-06-21In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntf…
CVE-2021-47548Critical9.82024-05-24In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst…
CVE-2024-34048Critical9.82024-04-30O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.
CVE-2024-31581Critical9.82024-04-17FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability…
CVE-2024-24563Critical9.82024-02-07Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned inte…
CVE-2023-28004Critical9.82023-04-18 A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote…
CVE-2023-26066Critical9.82023-04-10Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
CVE-2022-33256Critical9.82023-03-10Memory corruption due to improper validation of array index in Multi-mode call processor.
CVE-2023-0755Critical9.82023-02-23 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrar…
CVE-2022-25720Critical9.82022-10-19Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C…
CVE-2022-26100Critical9.82022-03-10SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obta…
CVE-2021-1933Critical9.82021-09-09UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon…
CVE-2021-38563Critical9.82021-08-11An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size e…