VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 68 of 549
  • CVE-2026-9360HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be…

  • CVE-2026-9348HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2026-9346HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote.…

  • CVE-2026-9345HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is…

  • CVE-2026-9344HigMay 24, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can…

  • CVE-2026-9295HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be…

  • CVE-2026-9294HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to…

  • CVE-2026-8975HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in…

  • CVE-2026-8974HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox…

  • CVE-2026-8973HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8836CriMay 18, 2026
    risk 0.57cvss 9.8epss 0.01

    A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer…

  • CVE-2026-45495HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2026-8776HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of the argument pptpUserName leads to buffer overflow. It is possible to…

  • CVE-2026-8775HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely.…

  • CVE-2023-31317HigMay 15, 2026
    risk 0.57cvss epss 0.00

    Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.

  • CVE-2025-62623HigMay 13, 2026
    risk 0.57cvss epss 0.00

    A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2026-8389HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

  • CVE-2026-28955HigMay 11, 2026
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected…

  • CVE-2026-28940HigMay 11, 2026
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory.

  • CVE-2026-28847HigMay 11, 2026
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected…