Search Results (3374 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21259 1 Microsoft 9 365 Apps, Excel, Excel 2016 and 6 more 2026-04-15 7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-34630 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2026-04-15 7.8 High
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27293 2 Adobe, Microsoft 2 Framemaker, Windows 2026-04-15 7.8 High
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-21248 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-15 7.3 High
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21247 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-15 7.3 High
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21246 1 Microsoft 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more 2026-04-15 7.8 High
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21236 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-15 7.8 High
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21245 1 Microsoft 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more 2026-04-15 7.8 High
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21244 1 Microsoft 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more 2026-04-15 7.3 High
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21239 1 Microsoft 28 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 25 more 2026-04-15 7.8 High
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-34743 2 Tukaani, Tukaani-project 2 Xz, Xz 2026-04-15 5.3 Medium
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
CVE-2026-27301 2 Adobe, Microsoft 2 Framemaker, Windows 2026-04-15 5.5 Medium
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-2447 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-15 8.8 High
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
CVE-2026-3845 1 Mozilla 1 Firefox 2026-04-15 8.8 High
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
CVE-2026-4152 1 Gimp 1 Gimp 2026-04-15 7.8 High
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.
CVE-2026-4153 1 Gimp 1 Gimp 2026-04-15 7.8 High
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.
CVE-2025-6490 2026-04-15 3.3 Low
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
CVE-2025-36853 1 Microsoft 1 .net 2026-04-15 7.5 High
A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().‍ Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
CVE-2024-51737 2026-04-15 7 High
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.
CVE-2024-48075 1 Realtimelogic 1 Sharkssl 2026-04-15 5.3 Medium
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.