CWE-126: Buffer Over-read
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-126 (page 9 of 9)
- CVE-2025-62462 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62464 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62467 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62473 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-12-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-62560 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-62787 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when child_attr[p]->attributes[j] is accessed, because the corresponding index (j) i…
- CVE-2025-62792 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not b…
- CVE-2025-63602 | HIGH | CVSS 7.3 | EG 7.3 | 2025-11-18
A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0…
- CVE-2025-66692 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-20
A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-7745 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-07-24
Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2.
- CVE-2026-0930 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-20
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory t…
- CVE-2026-20846 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-10
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
- CVE-2026-21367 | HIGH | CVSS 7.6 | EG 7.6 | 2026-04-06
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
- CVE-2026-21371 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when retrieving output buffer with insufficient size validation.
- CVE-2026-21373 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- CVE-2026-21374 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
- CVE-2026-21375 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- CVE-2026-21376 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- CVE-2026-21378 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- CVE-2026-21381 | HIGH | CVSS 7.6 | EG 7.6 | 2026-04-06
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
- CVE-2026-2394 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-04-01
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0…
- CVE-2026-25646 | HIGH | CVSS 8.1 | EG 8.1 | 2026-02-10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function.…
- CVE-2026-26155 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-04-14
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- CVE-2026-26169 | MEDIUM | CVSS 6.1 | EG 6.1 | 2026-04-14
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
- CVE-2026-26184 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-14
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-34059 | HIGH | CVSS 7.5 | EG 7.5 | 2026-05-04
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
- CVE-2026-34336 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-12
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-37532 | HIGH | CVSS 7.1 | EG 7.1 | 2026-05-01
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, …
- CVE-2026-40341 | LOW | CVSS 3.5 | EG 3.5 | 2026-04-18
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b3…
- CVE-2026-41898 | CRITICAL | CVSS 9.8 | EG 9.8 | 2026-04-24
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_state…
- CVE-2026-45684 | MEDIUM | CVSS 4.9 | EG 4.9 | 2026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using …
- CVE-2026-5772 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-09
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the …
- CVE-2026-6238 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-04-28
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which …
- CVE-2026-6532 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-04-30
Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6575 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-05-14
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that arra…
- CVE-2026-8463 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-05-13
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without check…