CWE-125
Out-of-bounds Read
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 150
- CVE-2026-47223 · Medium · 5.4 · EPSS 0% · 3 h ago
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the up
- CVE-2025-9033 · High · 7.8 · 8 h ago
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows
- CVE-2025-9032 · High · 7.8 · 8 h ago
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on
- CVE-2025-8351 · High · 7.8 · EPSS 0% · 8 h ago
Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antiviru
- CVE-2025-10101 · High · 7.8 · EPSS 0% · 8 h ago
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Mach-O file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norto
- CVE-2025-7017 · High · 7.8 · 9 h ago
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on
- CVE-2025-7011 · High · 7.8 · 9 h ago
Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus,
- CVE-2025-7009 · High · 7.8 · 9 h ago
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, N
- CVE-2025-7008 · High · 7.8 · 9 h ago
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antiviru
- CVE-2025-7003 · High · 7.8 · 9 h ago
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows
- CVE-2025-7002 · High · 7.8 · 9 h ago
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows
- CVE-2026-46690 · — · EPSS 0% · 11 h ago
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
crates.io
- CVE-2026-47926 · Medium · 5.5 · EPSS 0% · 11 h ago
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive inform
- CVE-2026-11786 · Low · 1.9 · EPSS 0% · 12 h ago
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumenta
- CVE-2026-47222 · Medium · 5.4 · EPSS 0% · 13 h ago
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the up
- CVE-2026-12033 · Medium · 5.3 · EPSS 0% · 13 h ago
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec
- CVE-2026-45608 · Medium · 6.8 · EPSS 0% · 13 h ago
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- CVE-2026-45634 · Medium · 5.5 · EPSS 0% · 13 h ago
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- CVE-2026-47224 · Medium · 4.3 · EPSS 0% · 14 h ago
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-
- CVE-2026-44808 · High · 7.8 · EPSS 0% · 14 h ago
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-44814 · Medium · 5.5 · EPSS 0% · 14 h ago
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- CVE-2023-36424 · High · 7.8 · KEV · EPSS 10% · 14 h ago
Microsoft Windows Out-of-Bounds Read Vulnerability
- CVE-2026-3055 · Critical · 9.8 · KEV · EXPLOIT · EPSS 90% · 14 h ago
Citrix NetScaler Out-of-Bounds Read Vulnerability
- CVE-2024-53150 · High · 7.1 · KEV · EPSS 1% · 14 h ago
Linux Kernel Out-of-Bounds Read Vulnerability
- CVE-2016-5198 · High · 8.8 · KEV · EPSS 79% · 14 h ago
Google Chromium V8 Out-of-Bounds Memory Vulnerability
- CVE-2017-5030 · High · 8.8 · KEV · EPSS 50% · 14 h ago
Google Chromium V8 Memory Corruption Vulnerability
- CVE-2025-5419 · High · 8.8 · KEV · EPSS 4% · 14 h ago
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
- CVE-2025-22226 · High · 7.1 · KEV · EPSS 4% · 14 h ago
VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
- CVE-2023-42916 · Medium · 6.5 · KEV · EPSS 0% · 14 h ago
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
- CVE-2023-28204 · Medium · 6.5 · KEV · EPSS 0% · 14 h ago
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
- CVE-2020-11899 · Medium · 5.4 · KEV · EPSS 35% · 14 h ago
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
- CVE-2014-0160 · High · 7.5 · KEV · EXPLOIT · EPSS 94% · 14 h ago
OpenSSL Information Disclosure Vulnerability
- CVE-2025-24991 · Medium · 5.5 · KEV · EPSS 2% · 14 h ago
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
- CVE-2022-22675 · High · 7.8 · KEV · EPSS 1% · 14 h ago
Apple macOS Out-of-Bounds Write Vulnerability
- CVE-2022-22674 · Medium · 5.5 · KEV · EPSS 0% · 14 h ago
Apple macOS Out-of-Bounds Read Vulnerability
- CVE-2025-5777 · High · 7.5 · KEV · EXPLOIT · EPSS 71% · 14 h ago
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
- CVE-2026-11645 · High · 8.8 · KEV · EPSS 5% · 14 h ago
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
- CVE-2021-25487 · High · 7.3 · KEV · EPSS 3% · 14 h ago
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
- CVE-2026-47961 · Medium · 5.5 · EPSS 0% · 16 h ago
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive inform
- CVE-2026-12026 · — · EPSS 0% · 18 h ago
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Ch
- CVE-2026-52859 · — · EPSS 0% · 1 d ago
Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it wal
- CVE-2026-42968 · Medium · 5.5 · EPSS 0% · 1 d ago
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
- CVE-2026-42914 · Medium · 5.3 · EPSS 0% · 1 d ago
Windows Kerberos Denial of Service Vulnerability
- CVE-2026-47166 · Medium · 5.7 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in
- CVE-2026-45624 · Medium · 5.1 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifyin
- CVE-2026-45359 · Medium · 5.7 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing
- CVE-2026-45358 · Medium · 5.3 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta en
- CVE-2026-42326 · Medium · 5.1 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single b
- CVE-2026-45604 · Medium · 5.5 · EPSS 0% · 1 d ago
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
- CVE-2026-44821 · Medium · 5.5 · EPSS 0% · 1 d ago
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.