Total
8825 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33062 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-33061 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-33060 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-33059 | 1 Microsoft | 20 Windows, Windows 10 1507, Windows 10 1607 and 17 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-33058 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-32720 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-32719 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-32716 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-20 | 7.8 High |
| Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32715 | 1 Microsoft | 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more | 2026-02-20 | 6.5 Medium |
| Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55225 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-20 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54097 | 1 Microsoft | 13 Windows, Windows Server, Windows Server 2008 and 10 more | 2026-02-20 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54096 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-20 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-54095 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-02-20 | 6.5 Medium |
| Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-62468 | 1 Microsoft | 9 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 6 more | 2026-02-20 | 5.5 Medium |
| Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-63649 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-19 | 7.5 High |
| An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server. | ||||
| CVE-2025-63650 | 2 Monkey, Monkey-project | 2 Monkey, Monkey | 2026-02-19 | 7.5 High |
| An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server. | ||||
| CVE-2026-24811 | 2 Riot Project, Root | 2 Riot, Root | 2026-02-19 | 9.8 Critical |
| Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. | ||||
| CVE-2026-0665 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-02-19 | 6.5 Medium |
| An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption. | ||||
| CVE-2026-26264 | 1 Bacnetstack | 1 Bacnet Stack | 2026-02-18 | 8.1 High |
| BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). The issue is in wp.c within wp_decode_service_request. When decoding the optional priority context tag, the code passes apdu_len - apdu_size to bacnet_unsigned_context_decode without validating that apdu_size <= apdu_len. If a truncated APDU reaches this path, apdu_len - apdu_size underflows, resulting in a large size being used for decoding and an out‑of‑bounds read. This vulnerability is fixed in 1.5.0rc4 and 1.4.3rc2. | ||||
| CVE-2025-66624 | 1 Bacnetstack | 1 Bacnet Stack | 2026-02-18 | 7.5 High |
| BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable. | ||||