137634 matches found
CVE-2026-50144
ncnn (mobile-optimized neural network framework) contains an out-of-bounds heap write in ParamDict::load_param() when loading a malicious .param model, caused by a negative parameter id indexing before params[NCNN_MAX_PARAM_COUNT]. This is exploitable via Net::load_param() and is fixed by commit ...
CVE-2026-62349
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString checks space for only one byte before processing SQL string escape sequences %, , or \x, allowing a one-byte out-of-bounds write to the...
CVE-2026-62351
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg read STransCompMsg.contLen when pHead-comp == 1 without first validating that the RPC packet contained the 8-byte STransCompMsg structure, causi...
CVE-2026-62353
TDengine before version 3.4.1.14 contains an out-of-bounds read in the SQL lexer (parTokenizer.c tGetToken) where a trailing backslash in a string literal can cause the parser to read beyond the null terminator, potentially crashing the server and leaking adjacent memory. The issue requires an au...
CVE-2026-62351
TDengine before 3.4.1.15 is affected. In transDecompressMsg() within source/libs/transport/src/transComm.c, the code reads STransCompMsg.contLen when pHead->comp == 1 without first validating that the RPC packet contains the 8-byte STransCompMsg structure. This can cause an unauthenticated out...
CVE-2026-10673
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...
EUVD-2026-44746
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...
CVE-2026-20156
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20156
CVE-2026-20156 relates to Cisco RoomOS and a set of buffer management vulnerabilities (CWE-119) arising from improper bounds checks. The hardening release addresses multiple internally discovered issues; CVSSv3.1 metrics indicate network-access, high impact on confidentiality, integrity, and avai...
EUVD-2026-44717
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...
kernel: smb: client: fix OOB reads parsing symlink error response
A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...
CVE-2026-58553
CVE-2026-58553 is described as an out-of-bounds read in the image codec module with potential impact to service confidentiality. Metrics show CVSSv3.1: Local attack vector, Low attack complexity, No privileges required, No user interaction, Confidentiality impact None, Integrity impact None, Avai...
CVE-2026-58553
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-44657
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58552
CVE-2026-58552 describes an out-of-bounds read in the image codec module. The CVSS v3.1 base score is 5.1 (MEDIUM); attack vector: LOCAL , no privileges required, no user interaction. Impacts: confidentiality and availability may be affected; integrity: NONE . The connected documents provide no c...
CVE-2026-58552
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
EUVD-2026-44656
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58551
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2026-58551
CVE-2026-58551 is an out-of-bounds read vulnerability in the image codec module. The CVSS 3.1 vector indicates LOCAL attack, low complexity, no privileges required, no user interaction, with Confidentiality and Availability impacts listed as LOW; Integrity impact is NONE. Base score 5.1 (MEDIUM)....