Total
8221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53805 | 1 Microsoft | 6 Internet Information Services, Windows, Windows 11 and 3 more | 2025-09-16 | 7.5 High |
| Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-55225 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-09-16 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54902 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54898 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2025-09-16 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54097 | 1 Microsoft | 5 Windows, Windows Server, Windows Server 2008 and 2 more | 2025-09-16 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54096 | 2025-09-16 | 6.5 Medium | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54095 | 2025-09-16 | 6.5 Medium | ||
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2021-47153 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 6 Medium |
| In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. | ||||
| CVE-2024-3017 | 1 Silabs | 1 Sisdk | 2025-09-16 | 6.5 Medium |
| In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service. | ||||
| CVE-2024-46724 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error | ||||
| CVE-2024-46723 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds. | ||||
| CVE-2024-46722 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds. | ||||
| CVE-2025-49796 | 1 Redhat | 12 Discovery, Enterprise Linux, Insights Proxy and 9 more | 2025-09-15 | 9.1 Critical |
| A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | ||||
| CVE-2025-9086 | 1 Curl | 1 Curl | 2025-09-15 | 7.5 High |
| 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay. | ||||
| CVE-2023-4042 | 2 Artifex, Redhat | 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more | 2025-09-12 | 5.5 Medium |
| A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | ||||
| CVE-2023-38559 | 4 Artifex, Debian, Fedoraproject and 1 more | 4 Ghostscript, Debian Linux, Fedora and 1 more | 2025-09-12 | 5.5 Medium |
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | ||||
| CVE-2025-54260 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | 7.8 High |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | ||||
| CVE-2025-9136 | 1 Libretro | 1 Retroarch | 2025-09-12 | 5.3 Medium |
| A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-54241 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | 5.5 Medium |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54240 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2025-09-12 | 5.5 Medium |
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||