CWE-787: Out-of-bounds Write — known CVE vulnerabilities
CVEs classified under CWE-787 (Out-of-bounds Write), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-42369 — CVSS 10.0 (critical): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a…
CVE-2026-4746: Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is associated with…
CVE-2024-42479 — CVSS 10.0 (critical): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address…
CVE-2023-45318 — CVSS 10.0 (critical): A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A…
CVE-2024-23622 — CVSS 10.0 (critical): A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can…
CVE-2022-43605 — CVSS 10.0 (critical): An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer…
CVE-2022-43604 — CVSS 10.0 (critical): An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer…
CVE-2021-26730 — CVSS 10.0 (critical): A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to…
CVE-2022-2972 — CVSS 10.0 (critical): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to…
CVE-2022-2970 — CVSS 10.0 (critical): MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not…
CVE-2022-20749 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20712 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20711 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20710 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20709 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20707 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20706 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20705 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20704 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2022-20702 — CVSS 10.0 (critical): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the…
CVE-2021-21961 — CVSS 10.0 (critical): A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A…
CVE-2021-21940 — CVSS 10.0 (critical): A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A…
CVE-2021-34770 — CVSS 10.0 (critical): A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco…
CVE-2020-25066 — CVSS 10.0 (critical): A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service…
CVE-2019-5049 — CVSS 10.0 (critical): An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A…
CVE-2019-5684 — CVSS 10.0 (critical): NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause…
CVE-2019-6235 — CVSS 10.0 (critical): A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2…
CVE-2018-3991 — CVSS 10.0 (critical): An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version…
CVE-2018-17160 — CVSS 10.0 (critical): In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can…
CVE-2018-2913 — CVSS 10.0 (critical): Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that are…
CVE-2018-6692 — CVSS 10.0 (critical): Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local…
CVE-2018-10718 — CVSS 10.0 (critical): Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute…
CVE-2016-9343 — CVSS 10.0 (critical): An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware…
CVE-2015-5105 — CVSS 10.0 (critical): Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic…
CVE-2015-5098 — CVSS 10.0 (critical): Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic…
CVE-2015-5096 — CVSS 10.0 (critical): Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic…
CVE-2015-0235 — CVSS 10.0 (critical): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows…
CVE-2014-1478 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers…
CVE-2013-5610 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers…
CVE-2012-3957 — CVSS 10.0 (critical): Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-0751 — CVSS 10.0 (critical): The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary…
CVE-2011-1807 — CVSS 10.0 (critical): Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified…