CWE-126: Buffer Over-read — known CVE vulnerabilities
CVEs classified under CWE-126 (Buffer Over-read), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-41898 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind…
CVE-2025-12106 — CVSS 9.1 (critical): Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing…
CVE-2023-51773 — CVSS 9.1 (critical): BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
CVE-2021-34584 — CVSS 9.1 (critical): Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a…
CVE-2025-36855 — CVSS 8.8 (high): A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer…
CVE-2021-1373 — CVSS 8.6 (high): A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller…
CVE-2026-5260 — CVSS 8.2 (high): A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server…
CVE-2025-21488 — CVSS 8.2 (high): Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2025-21487 — CVSS 8.2 (high): Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the…
CVE-2025-21484 — CVSS 8.2 (high): Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2024-53026 — CVSS 8.2 (high): Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
CVE-2024-53020 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
CVE-2024-53019 — CVSS 8.2 (high): Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
CVE-2024-45552 — CVSS 8.2 (high): Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC…
CVE-2024-23359 — CVSS 8.2 (high): Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
CVE-2023-24848 — CVSS 8.2 (high): Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2026-28364 — CVSS 7.9 (high): In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution…
CVE-2026-42828 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-26184 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-21378 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21376 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21375 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21374 — CVSS 7.8 (high): Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVE-2026-21373 — CVSS 7.8 (high): Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2025-62560 — CVSS 7.8 (high): Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62467 — CVSS 7.8 (high): Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62464 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62462 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62461 — CVSS 7.8 (high): Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-60720 — CVSS 7.8 (high): Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
CVE-2025-47368 — CVSS 7.8 (high): Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
CVE-2025-59192 — CVSS 7.8 (high): Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59933 — CVSS 7.8 (high): libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with…
CVE-2025-47317 — CVSS 7.8 (high): Memory corruption due to global buffer overflow when a test command uses an invalid payload type.