VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 31 of 126
  • CVE-2026-10907HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10897HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10883HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-45700CriMay 29, 2026
    risk 0.57cvss 9.8epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination…

  • CVE-2026-9973HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9965HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9910HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9896HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9879HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-32740HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap…

  • CVE-2026-33642CriMay 19, 2026
    risk 0.57cvss 9.9epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to…

  • CVE-2026-27648HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

  • CVE-2026-8507CriMay 17, 2026
    risk 0.57cvss 9.8epss 0.01

    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with…

  • CVE-2026-8558HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8526HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8524HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-43909HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to…

  • CVE-2026-43908HigMay 14, 2026
    risk 0.57cvss 8.8epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the…

  • CVE-2026-8053HigMay 13, 2026
    risk 0.57cvss 8.8epss 0.01

    An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping…

  • CVE-2025-53844HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.