PT-2026-43270

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An out-of-bounds read exists in the NetFlow v9 data flowset processor within the src/netflow plugin/netflow v9 collector.cpp file. The Data template branch iterates over flow...

Advisory ROSA-SA-2026-3270

software: nginx 1.30.1 OS: ROSA-CHROME unaffected versions = nginx-1.30.1-1 affected versions nginx-1.30.1-1 CVE-ID: CVE-2026-42926 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX Open Source allows an attacker to inject frame headers and data into the upstream when proxying...

EUVD-2026-27975

Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

PT-2026-38021

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux parse svq3 stsd data function within qtdemux.c. In the FOURCC SMI case, seqh size is read from the input file without proper validation. If seqh size is greater than the...

Astra Linux - уязвимость в postgresql-11

A flaw was discovered in PostgreSQL. A specially crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can carry out this attack at will. The attack does not require the ability to create objects. If the server settings include...

CVE-2026-5720

The CVE-2026-5720 issue affects the MiniUPnP daemon (miniupnpd). The vulnerability is an integer underflow in SOAPAction header parsing within ParseHttpHeaders(), where improper length validation can cause an underflow to a large unsigned value and an out-of-bounds memchr() read. This can lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-34941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to...

Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2026-15402)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause an out-of-bounds memory read to be performed via a specially crafted HTML page...

KLA90950 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Base can be exploited to...

CVE-2026-25139 RIOT Vulnerable to Multiple Out-of-Bounds Read When Processing Received 6LoWPAN SFR Fragments

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with ability to send or manipulate input packets, to...

CVE-2019-2249

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081,...

CVE-2025-10933 Silicon Labs Z-Wave Protocol Controller Integer underflow vulnerability leads to out of bounds read

An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads...

CVE-2022-50709 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg syzbot is reporting uninit value at ath9khtcrxmsg 1, for ioctlUSBRAWIOCTLEPWRITE can call ath9khifusbrxstream with pktlen = 0 but ath9khifusbrxstream uses devallocskbpktlen +...

CVE-2025-66409

CVE-2025-66409 affects ESF-IDF (Espressif ESP32) where, when AVRCP is enabled, a malformed VENDOR DEPENDENT command can cause the Bluetooth stack to read memory beyond the validated buffer length. Affected versions include 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier. Root cause is insufficient ...

CVE-2025-33192

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-61839 Format Plugins | Out-of-bounds Read (CWE-125)

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

EUVD-2017-3341

Malware in sbrugna...

EUVD-2010-4784

Malware in sbrugna...

EUVD-2019-14623

Malware in sbrugna...

EUVD-2021-18173

Malware in sbrugna...