Total
8349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30982 | 1 Color | 1 Iccdev | 2026-03-13 | N/A | 6.1 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-30981 | 1 Color | 1 Iccdev | 2026-03-13 | N/A | 6.1 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-31797 | 1 Color | 1 Iccdev | 2026-03-13 | N/A | 6.1 MEDIUM |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5. | |||||
| CVE-2026-24282 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2026-03-13 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-23673 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25174 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25175 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2026-03-13 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25180 | 1 Microsoft | 15 Office, Windows 10 1607, Windows 10 1809 and 12 more | 2026-03-13 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2026-25181 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.5 HIGH |
| Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-23672 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.8 HIGH |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | |||||
| CVE-2026-26109 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-03-13 | N/A | 8.4 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-3920 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-13 | N/A | 8.8 HIGH |
| Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-3916 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-13 | N/A | 9.6 CRITICAL |
| Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-3926 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-13 | N/A | 8.8 HIGH |
| Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-3949 | 2026-03-12 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2026-3950 | 2026-03-12 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet. | |||||
| CVE-2025-70330 | 2026-03-12 | N/A | 3.3 LOW | ||
| Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user. | |||||
| CVE-2025-15038 | 2026-03-12 | N/A | N/A | ||
| An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "Security Update for ASUS Business System Control Interface" section on the ASUS Security Advisory for more information. | |||||
| CVE-2026-4012 | 2026-03-12 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-4009 | 2026-03-12 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet. | |||||