Vulnerabilities (CVE)

Filtered by CWE-122
Total 1188 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49670 2025-07-11 N/A 6.5 MEDIUM
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-22881 1 Deltaww 1 Cncsoft-g2 2025-07-11 N/A 7.8 HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-22880 1 Deltaww 1 Cncsoft-g2 2025-07-11 N/A 7.8 HIGH
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-43582 1 Adobe 1 Substance 3d Viewer 2025-07-11 N/A 7.8 HIGH
Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47099 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2025-07-11 N/A 7.8 HIGH
InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-48910 1 Huawei 1 Harmonyos 2025-07-11 N/A 5.5 MEDIUM
Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-53630 2025-07-10 N/A N/A
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.
CVE-2025-47122 2 Adobe, Microsoft 2 Framemaker, Windows 2025-07-10 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47123 2 Adobe, Microsoft 2 Framemaker, Windows 2025-07-10 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47125 2 Adobe, Microsoft 2 Framemaker, Windows 2025-07-10 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47131 2 Adobe, Microsoft 2 Framemaker, Windows 2025-07-10 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47134 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2025-07-10 N/A 7.8 HIGH
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-43591 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2025-07-10 N/A 7.8 HIGH
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-47103 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2025-07-10 N/A 7.8 HIGH
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-33064 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 N/A 8.8 HIGH
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-33066 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 N/A 8.8 HIGH
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-21221 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 N/A 8.8 HIGH
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-21205 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 N/A 8.8 HIGH
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2024-45993 1 Giflib Project 1 Giflib 2025-07-10 N/A 6.5 MEDIUM
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
CVE-2025-29811 1 Microsoft 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more 2025-07-10 N/A 7.8 HIGH
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.