VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 7 of 126
  • CVE-2026-5734CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2018-25254CriApr 4, 2026
    risk 0.64cvss 9.8epss 0.01

    NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH…

  • CVE-2018-25223CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed…

  • CVE-2018-25221CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing…

  • CVE-2018-25220CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented…

  • CVE-2017-20229CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a…

  • CVE-2017-20227CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to…

  • CVE-2017-20225CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application,…

  • CVE-2016-20049CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.01

    JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack,…

  • CVE-2026-4181CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.01

    A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack…

  • CVE-2026-1668CriMar 13, 2026
    risk 0.64cvss 9.8epss 0.01

    The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.An…

  • CVE-2026-2807CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and…

  • CVE-2026-2793CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2026-2792CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-36964CriJan 28, 2026
    risk 0.64cvss 9.8epss 0.00

    YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service…

  • CVE-2021-47781CriJan 15, 2026
    risk 0.64cvss 9.8epss 0.00

    Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console…

  • CVE-2021-47774CriJan 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code…

  • CVE-2026-22189CriJan 7, 2026
    risk 0.64cvss 9.8epss 0.00

    The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph…

  • CVE-2018-25154CriDec 24, 2025
    risk 0.64cvss 9.8epss 0.00

    GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.

  • CVE-2025-65084CriNov 25, 2025
    risk 0.64cvss 9.8epss 0.00

    An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code.