Total
8349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3731 | 1 Libssh | 1 Libssh | 2026-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. | |||||
| CVE-2026-27269 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2026-03-12 | N/A | 7.8 HIGH |
| Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27219 | 1 Adobe | 1 Substance 3d Painter | 2026-03-11 | N/A | 5.5 MEDIUM |
| Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27216 | 1 Adobe | 1 Substance 3d Painter | 2026-03-11 | N/A | 5.5 MEDIUM |
| Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-21365 | 1 Adobe | 1 Substance 3d Painter | 2026-03-11 | N/A | 5.5 MEDIUM |
| Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-30935 | 1 Imagemagick | 1 Imagemagick | 2026-03-11 | N/A | 4.4 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16. | |||||
| CVE-2026-28693 | 1 Imagemagick | 1 Imagemagick | 2026-03-11 | N/A | 8.1 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | |||||
| CVE-2026-28692 | 1 Imagemagick | 1 Imagemagick | 2026-03-11 | N/A | 4.8 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | |||||
| CVE-2026-27268 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | N/A | 5.5 MEDIUM |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27270 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2026-03-11 | N/A | 5.5 MEDIUM |
| Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-2771 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-11 | N/A | 9.8 CRITICAL |
| Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | |||||
| CVE-2026-26127 | 2026-03-11 | N/A | 7.5 HIGH | ||
| Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2026-3664 | 1 Xlnt-community | 1 Xlnt | 2026-03-10 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue. | |||||
| CVE-2026-3663 | 1 Xlnt-community | 1 Xlnt | 2026-03-10 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2026-3631 | 1 Deltaww | 1 Commgr2 | 2026-03-10 | N/A | 7.5 HIGH |
| Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | |||||
| CVE-2022-37007 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2026-03-06 | N/A | 7.5 HIGH |
| The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. | |||||
| CVE-2026-0035 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-27596 | 1 Exiv2 | 1 Exiv2 | 2026-03-05 | N/A | 7.5 HIGH |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8. | |||||
| CVE-2026-3540 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-05 | N/A | 8.8 HIGH |
| Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-28540 | 1 Huawei | 1 Harmonyos | 2026-03-05 | N/A | 4.0 MEDIUM |
| Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||