CWE-125: Out-of-bounds Read — known CVE vulnerabilities
CVEs classified under CWE-125 (Out-of-bounds Read), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-24826: Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion…
CVE-2024-22004 — CVSS 10.0 (critical): Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the…
CVE-2021-41556 — CVSS 10.0 (critical): sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code…
CVE-2021-21777 — CVSS 10.0 (critical): An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development…
CVE-2017-14451 — CVSS 10.0 (critical): An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart…
CVE-2013-0767 — CVSS 10.0 (critical): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1…
CVE-2009-2523 — CVSS 10.0 (critical): The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message…
CVE-2026-33642 — CVSS 9.9 (critical): Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c…
CVE-2026-34987 — CVSS 9.9 (critical): Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default…
CVE-2023-28445 — CVSS 9.9 (critical): Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions…
CVE-2023-26489 — CVSS 9.9 (critical): wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64…
CVE-2025-15646 — CVSS 9.8 (critical): HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element was added to libgumbo…
CVE-2026-29013 — CVSS 9.8 (critical): libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in…
CVE-2026-31405 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The…
CVE-2026-33669 — CVSS 9.8 (critical): SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface…
CVE-2026-2771 — CVSS 9.8 (critical): Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8…
CVE-2026-3062 — CVSS 9.8 (critical): Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds…
CVE-2026-22984 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done()…
CVE-2025-69992 — CVSS 9.8 (critical): phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the…
CVE-2025-55086 — CVSS 9.8 (critical): In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked…
CVE-2025-57052 — CVSS 9.8 (critical): cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote…
CVE-2025-54950 — CVSS 9.8 (critical): An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code…
CVE-2025-4918 — CVSS 9.8 (critical): An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox…
CVE-2025-30458 — CVSS 9.8 (critical): A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files…
CVE-2025-24265 — CVSS 9.8 (critical): An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS…
CVE-2025-24256 — CVSS 9.8 (critical): The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5…
CVE-2025-24230 — CVSS 9.8 (critical): An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6…
CVE-2024-11131 — CVSS 9.8 (critical): A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via…
CVE-2025-29913 — CVSS 9.8 (critical): CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure…
CVE-2024-54506 — CVSS 9.8 (critical): An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be…
CVE-2017-17772 — CVSS 9.8 (critical): In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
CVE-2024-11403 — CVSS 9.8 (critical): There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used…
CVE-2021-47274 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've…
CVE-2024-32659 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to…
CVE-2024-32658 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to…
CVE-2024-32459 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to…
CVE-2024-32458 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or…
CVE-2024-32041 — CVSS 9.8 (critical): FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or…
CVE-2024-32286 — CVSS 9.8 (critical): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
CVE-2024-32301 — CVSS 9.8 (critical): Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.
CVE-2024-23086 — CVSS 9.8 (critical): Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this…
CVE-2024-28515 — CVSS 9.8 (critical): Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of…
CVE-2024-30630 — CVSS 9.8 (critical): Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function.
CVE-2024-30587 — CVSS 9.8 (critical): Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.
CVE-2024-30596 — CVSS 9.8 (critical): Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.
CVE-2024-29943 — CVSS 9.8 (critical): An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This…
CVE-2024-28537 — CVSS 9.8 (critical): Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.
CVE-2024-0794 — CVSS 9.8 (critical): Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due…
CVE-2021-42144 — CVSS 9.8 (critical): Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via…