CWE-122: Heap-based Buffer Overflow — known CVE vulnerabilities
CVEs classified under CWE-122 (Heap-based Buffer Overflow), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-46752: Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0…
CVE-2026-24822: Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with…
CVE-2025-23123 — CVSS 10.0 (critical): A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow…
CVE-2022-34819 — CVSS 10.0 (critical): A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC…
CVE-2026-44050 — CVSS 9.9 (critical): A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker…
CVE-2026-49841 — CVSS 9.8 (critical): FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software…
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-8175 — CVSS 9.8 (critical): IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix…
CVE-2026-41096 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-28780 — CVSS 9.8 (critical): Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this…
CVE-2025-70067 — CVSS 9.8 (critical): Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryPr…
CVE-2026-32956 — CVSS 9.8 (critical): SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect…
CVE-2026-40504 — CVSS 9.8 (critical): Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write…
CVE-2026-5264 — CVSS 9.8 (critical): Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap…
CVE-2026-5187 — CVSS 9.8 (critical): Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates…
CVE-2026-32945 — CVSS 9.8 (critical): PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer…
CVE-2026-4395 — CVSS 9.8 (critical): Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write…
CVE-2026-3549 — CVSS 9.8 (critical): Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which…
CVE-2006-10003 — CVSS 9.8 (critical): XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize -…
CVE-2026-31806 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes…
CVE-2026-22891 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master…
CVE-2026-0006 — CVSS 9.8 (critical): In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code…
CVE-2019-25327 — CVSS 9.8 (critical): Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute…
CVE-2026-26011 — CVSS 9.8 (critical): navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in…
CVE-2020-37162 — CVSS 9.8 (critical): Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute…
CVE-2026-23534 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23533 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23532 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the…
CVE-2026-23531 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present…
CVE-2026-23530 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not…
CVE-2026-22854 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a…
CVE-2025-67268 — CVSS 9.8 (critical): gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540…
CVE-2025-50343 — CVSS 9.8 (critical): An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not…
CVE-2025-11788 — CVSS 9.8 (critical): Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is…
CVE-2025-11778 — CVSS 9.8 (critical): Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory…
CVE-2025-65085 — CVSS 9.8 (critical): A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions…
CVE-2025-64693 — CVSS 9.8 (critical): Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length…
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-26416 — CVSS 9.8 (critical): In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to…
CVE-2025-34523 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP)…
CVE-2025-34522 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be…
CVE-2025-54462 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch…
CVE-2025-53853 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master…
CVE-2025-53557 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch…
CVE-2025-53511 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch…
CVE-2025-48005 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master…
CVE-2025-53766 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2025-54951 — CVSS 9.8 (critical): A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially…
CVE-2025-54949 — CVSS 9.8 (critical): A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable…