CWE-126: Buffer Over-read
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-126 (page 8 of 9)
- CVE-2025-27065 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-06
Transient DOS while processing a frame with malformed shared-key descriptor.
- CVE-2025-27068 | HIGH | CVSS 7.8 | EG 7.8 | 2025-08-06
Memory corruption while processing an IOCTL command with an arbitrary address.
- CVE-2025-29956 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-05-13
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
- CVE-2025-32052 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-03
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
- CVE-2025-32053 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-03
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
- CVE-2025-32704 | HIGH | CVSS 8.4 | EG 8.4 | 2025-05-13
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-36855 | HIGH | CVSS 8.8 | EG 8.8 | 2025-09-08
A vulnerability (CVE-2025-21176, https://www.cve.org/CVERecord) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read (https://cwe.mitre.org/data/definitions/126.html), Buffer Over-read is when a product rea…
- CVE-2025-4207 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-05-08
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and …
- CVE-2025-4582 | HIGH | CVSS 7.1 | EG 7.1 | 2025-09-23
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.…
- CVE-2025-47295 | LOW | CVSS 3.7 | EG 3.7 | 2025-05-28
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, unde…
- CVE-2025-47317 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-24
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
- CVE-2025-47318 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-24
Transient DOS while parsing the EPTM test control message to get the test pattern.
- CVE-2025-47326 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-24
Transient DOS while handling command data during power control processing.
- CVE-2025-47328 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-24
Transient DOS while processing power control requests with invalid antenna or stream values.
- CVE-2025-47330 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-01-07
Transient DOS while parsing video packets received from the video firmware.
- CVE-2025-47331 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-01-07
Information disclosure while processing a firmware event.
- CVE-2025-47362 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-11-04
Information disclosure while processing message from client with invalid payload.
- CVE-2025-47368 | HIGH | CVSS 7.8 | EG 7.8 | 2025-11-04
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
- CVE-2025-47390 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory corruption while preprocessing IOCTL request in JPEG driver.
- CVE-2025-47395 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-07
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
- CVE-2025-47400 | HIGH | CVSS 7.1 | EG 7.1 | 2026-04-06
Cryptographic issue while copying data to a destination buffer without validating its size.
- CVE-2025-47401 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-04
Transient DOS when processing target power rate tables during channel configuration.
- CVE-2025-47402 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-02
Transient DOS when processing a received frame with an excessively large authentication information element.
- CVE-2025-47403 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-04
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
- CVE-2025-47406 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-05-04
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
- CVE-2025-47971 | HIGH | CVSS 7.8 | EG 7.8 | 2025-07-08
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-47973 | HIGH | CVSS 7.8 | EG 7.8 | 2025-07-08
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-49659 | HIGH | CVSS 7.8 | EG 7.8 | 2025-07-08
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
- CVE-2025-49684 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-08
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
- CVE-2025-53736 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-08-12
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53796 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53797 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53798 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53806 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-54901 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-09
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2025-55081 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-10-15
In Eclipse Foundation NetX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method l…
- CVE-2025-55083 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-15
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bound check, out by two, resulting in an out of bound read.
- CVE-2025-55084 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-16
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
- CVE-2025-55090 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-16
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame with less than 4 bytes of IP packet.
- CVE-2025-55091 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-16
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in the _nx_ip_packet_receive() function when receiving an Ethernet frame with type set as IP but no IP data.
- CVE-2025-55092 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-17
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.
- CVE-2025-55093 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-17
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes o…
- CVE-2025-55325 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-14
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- CVE-2025-59192 | HIGH | CVSS 7.8 | EG 7.8 | 2025-10-14
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-59609 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-06-01
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
- CVE-2025-59933 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-29
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when pa…
- CVE-2025-60003 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-15
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives…
- CVE-2025-60720 | HIGH | CVSS 7.8 | EG 7.8 | 2025-11-11
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
- CVE-2025-60729 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-24
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function.
- CVE-2025-62461 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.