Total
432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4371 | 1 Mozilla | 1 Thunderbird | 2026-03-27 | 7.4 High |
| A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. | ||||
| CVE-2026-3203 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||||
| CVE-2024-4853 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2026-03-27 | 3.6 Low |
| Memory handling issue in editcap could cause denial of service via crafted capture file | ||||
| CVE-2024-11596 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2026-20846 | 1 Microsoft | 31 Office, Windows 10 1607, Windows 10 1809 and 28 more | 2026-03-16 | 7.5 High |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-28364 | 1 Ocaml | 1 Ocaml | 2026-03-06 | 7.9 High |
| In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | ||||
| CVE-2025-59600 | 1 Qualcomm | 329 Ar8031, Ar8031 Firmware, Ar8035 and 326 more | 2026-03-04 | 7.8 High |
| Memory Corruption when adding user-supplied data without checking available buffer space. | ||||
| CVE-2026-26271 | 1 Freerdp | 1 Freerdp | 2026-02-27 | 5.3 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by crafted RDP Window Icon (TS_ICON_INFO) data. The bug is reachable over the network when a client processes icon data from an RDP server (or from a man-in-the-middle). Version 3.23.0 fixes the issue. | ||||
| CVE-2026-27798 | 2 Dlemstra, Imagemagick | 2 Magick.net, Imagemagick | 2026-02-27 | 4 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2026-27799 | 2 Dlemstra, Imagemagick | 2 Magick.net, Imagemagick | 2026-02-27 | 4 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | ||||
| CVE-2025-21271 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 4 more | 2026-02-26 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2025-21176 | 4 Apple, Linux, Microsoft and 1 more | 25 Macos, Linux Kernel, .net and 22 more | 2026-02-26 | 8.8 High |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-45568 | 1 Qualcomm | 26 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 23 more | 2026-02-26 | 6.7 Medium |
| Memory corruption due to improper bounds check while command handling in camera-kernel driver. | ||||
| CVE-2025-21475 | 1 Qualcomm | 80 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 77 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. | ||||
| CVE-2025-21421 | 1 Qualcomm | 91 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 88 more | 2026-02-26 | 7.8 High |
| Memory corruption while processing escape code in API. | ||||
| CVE-2025-21428 | 1 Qualcomm | 138 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 135 more | 2026-02-26 | 7.5 High |
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. | ||||
| CVE-2025-21429 | 1 Qualcomm | 364 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 361 more | 2026-02-26 | 7.5 High |
| Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. | ||||
| CVE-2025-32704 | 1 Microsoft | 8 365 Apps, Excel, Excel 2016 and 5 more | 2026-02-26 | 8.4 High |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47971 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 7.8 High |
| Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-47317 | 1 Qualcomm | 107 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 104 more | 2026-02-26 | 7.8 High |
| Memory corruption due to global buffer overflow when a test command uses an invalid payload type. | ||||