CVEs classified under CWE-680, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2026-8376 — CVSS 9.8 (critical): Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds…
CVE-2025-54952 — CVSS 9.8 (critical): An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated…
CVE-2024-33078 — CVSS 9.8 (critical): Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code…
CVE-2025-53510 — CVSS 8.8 (high): A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a…
CVE-2025-52930 — CVSS 8.8 (high): A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When…
CVE-2025-52456 — CVSS 8.8 (high): A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a…
CVE-2025-46407 — CVSS 8.8 (high): A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When…
CVE-2025-32468 — CVSS 8.8 (high): A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading…
CVE-2021-21852 — CVSS 8.8 (high): Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced…
CVE-2019-18568 — CVSS 8.8 (high): Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
CVE-2025-20263 — CVSS 8.6 (high): A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall…
CVE-2024-2608 — CVSS 8.4 (high): `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer…
CVE-2026-55200 — CVSS 8.1 (high): libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to…
CVE-2025-21442 — CVSS 7.8 (high): Memory corruption while transmitting packet mapping information with invalid header payload size.
CVE-2026-25541 — CVSS 7.5 (high): Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in…
CVE-2025-23326 — CVSS 7.5 (high): NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a…
CVE-2024-24478 — CVSS 7.5 (high): An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb…
CVE-2025-32023 — CVSS 7.0 (high): Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated…
CVE-2024-28219 — CVSS 6.7 (medium): In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
CVE-2024-6381 — CVSS 4.0 (medium): The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free…
CVE-2024-55626 — CVSS 3.3 (low): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a…