Export limit exceeded: 364917 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9647 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62603 2 Debian, Eprosima 2 Debian Linux, Fast Dds 2026-02-18 7.5 High
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as crypto-token exchange, rekeying, re-authentication, and token delivery for newly appearing endpoints. On receive, the CDR parser is invoked first and deserializes the `message_data` (i .e., the `DataHolderSeq`) via the `readParticipantGenericMessage → readDataHolderSeq` path. The `DataHolderSeq` is parsed sequentially: a sequence count (`uint32`), and for each DataHolder the `class_id` string (e.g. `DDS:Auth:PKI-DH:1.0+Req`), string properties (a sequence of key/value pairs), and binary properties (a name plus an octet-vector). The parser operat es at a stateless level and does not know higher-layer state (for example, whether the handshake has already completed), s o it fully unfolds the structure before distinguishing legitimate from malformed traffic. Because RTPS permits duplicates, delays, and retransmissions, a receiver must perform at least minimal structural parsing to check identity and sequence n umbers before discarding or processing a message; the current implementation, however, does not "peek" only at a minimal header and instead parses the entire `DataHolderSeq`. As a result, prior to versions 3.4.1, 3.3.1, and 2.6.11, this parsi ng behavior can trigger an out-of-memory condition and remotely terminate the process. Versions 3.4.1, 3.3.1, and 2.6.11 p atch the issue.
CVE-2025-70121 1 Free5gc 1 Free5gc 2026-02-18 7.5 High
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.
CVE-2025-20703 1 Mediatek 63 Modem, Mt2735, Mt2737 and 60 more 2026-02-17 6.5 Medium
In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.
CVE-2025-20659 1 Mediatek 170 Mt2735, Mt2735 Firmware, Mt2737 and 167 more 2026-02-17 6.5 Medium
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.
CVE-2026-2574 1 Gnome 1 Glib-networking 2026-02-17 5.4 Medium
A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory is accessed outside of its allocated buffer and subsequently freed incorrectly. This can lead to a denial-of-service and potentially disclose limited heap memory.
CVE-2025-62202 1 Microsoft 13 365, 365 Apps, Excel and 10 more 2026-02-13 7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-60728 1 Microsoft 8 365, 365 Apps, Office and 5 more 2026-02-13 4.3 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2025-60726 1 Microsoft 13 365, 365 Apps, Excel and 10 more 2026-02-13 7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-60706 1 Microsoft 23 Hyper-v, Windows, Windows 10 and 20 more 2026-02-13 5.5 Medium
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2025-59513 1 Microsoft 25 Windows, Windows 10, Windows 10 1607 and 22 more 2026-02-13 5.5 Medium
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
CVE-2025-63653 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-13 7.5 High
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63656 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-13 7.5 High
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63657 2 Monkey, Monkey-project 2 Monkey, Monkey 2026-02-13 7.5 High
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-21245 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 8.8 High
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 8.8 High
Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21374 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2026-02-13 5.5 Medium
Windows CSC Service Information Disclosure Vulnerability
CVE-2025-21324 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.6 Medium
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21310 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.6 Medium
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21261 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.6 Medium
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-21256 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.6 Medium
Windows Digital Media Elevation of Privilege Vulnerability