buffer over-read

A newly disclosed libsoup vulnerability tracked as CVE-2026-2369 deserves attention because it combines a classic integer-underflow bug with a very practical impact: a buffer overread triggered while processing a zero-length resource. Red Hat’s CVE entry describes the flaw as a buffer overread...

A heap-based buffer over-read has been assigned CVE-2026-24821 after researchers identified a flaw in the Lua parsing code of turanszkij’s WickedEngine that can be triggered when the engine compiles untrusted Lua code; the flaw is rooted in lparser.C and affects WickedEngine releases through...

Microsoft’s advisory classifies CVE-2025-54901 as a buffer over-read (out‑of‑bounds read) in Microsoft Office Excel that can disclose process memory contents when a crafted spreadsheet is opened. Executive summary What it is: CVE-2025-54901 is an information‑disclosure vulnerability in...

Microsoft has assigned CVE-2025-53796 to a newly disclosed vulnerability in the Windows Routing and Remote Access Service (RRAS) that can cause a buffer over‑read / use of an uninitialized resource, allowing an attacker to disclose memory contents over a network; organizations that run RRAS as a...

Microsoft has confirmed CVE-2025-53798 — an information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) — and released a vendor update; administrators who run RRAS must treat exposed RRAS endpoints as high-priority to remediate or isolate until patches are...

Honeywell’s OneWireless Wireless Device Manager (WDM) has been the subject of a high-severity coordinated disclosure: multiple vulnerabilities in the Control Data Access (CDA) component allow remote attackers to cause information disclosure, denial-of-service, and, in the worst cases, remote...

Microsoft’s Security Update Guide lists CVE-2025-53736 as a Microsoft Word information-disclosure vulnerability caused by a buffer over-read in Word that can allow an unauthorized local actor to read memory and disclose sensitive information on a victim machine; administrators are strongly...

A critical security vulnerability, identified as CVE-2025-49659, has been discovered in the Windows Transport Driver Interface (TDI) Translation Driver, specifically within the tdx.sys component. This flaw allows authorized attackers to elevate their privileges locally by exploiting a buffer...

A newly disclosed security vulnerability—CVE-2025-47973—has cast a spotlight on the inner workings and potential risks associated with Microsoft’s Virtual Hard Disk (VHDX) technology. Central to many enterprise virtual environments, VHDX files form the backbone of countless Hyper-V deployments...

A recently disclosed vulnerability in Microsoft’s Virtual Hard Disk (VHDX) system, tracked as CVE-2025-47971, has sent ripples through the Windows ecosystem, raising concerns for system administrators, virtualization professionals, and anyone relying on virtualized storage. This security flaw...

A critical new security flaw has emerged in one of the foundational components of Microsoft’s operating system, underscoring both the relentless sophistication of modern cyber threats and the continuing imperative for rigorous defense-in-depth strategies. Known officially as CVE-2025-24068, this...

In the rapidly evolving landscape of cybersecurity, Microsoft Office products remain frequent targets for sophisticated attacks. The latest disclosed vulnerability, CVE-2025-32704, underscores this ongoing risk—this time centering on Microsoft Excel and its deep integration across business...

Windows Server Message Block (SMB) vulnerabilities consistently make headlines due to their profound impact on enterprise environments, end-user privacy, and the evolving cybersecurity landscape. The recent disclosure and patching of CVE-2025-29956—a buffer over-read vulnerability in Windows...

The recent disclosure of CVE-2025-29832 has thrust the Windows Routing and Remote Access Service (RRAS) into the cybersecurity spotlight, raising urgent questions about the security posture of enterprise and cloud environments built atop Microsoft’s networking infrastructure. RRAS, a...

In today’s ever-evolving cybersecurity landscape, even the backbone services you trust to keep your network running smoothly can harbor hidden vulnerabilities. The recently disclosed CVE-2025-26664, a buffer over-read in Windows Routing and Remote Access Service (RRAS), has emerged as a critical...

The Windows Routing and Remote Access Service (RRAS) has long been an integral part of Windows network infrastructures, facilitating VPN connections, remote dial-ins, and efficient routing between networks. However, as with many core services, a small oversight can lead to a serious...

In the fast-evolving landscape of cybersecurity, even a seemingly mundane service like Windows Routing and Remote Access Service (RRAS) can harbor vulnerabilities that may have far-reaching implications. One such vulnerability, CVE-2025-26676, has caught the attention of security professionals...

CVE-2025-24992: NTFS Buffer Over-read Exposes Local Information The Windows NTFS file system has long been a stalwart in Windows storage design, but even this cornerstone isn’t immune to vulnerabilities. CVE-2025-24992 is the latest issue that security professionals and system administrators...

In the ever-evolving landscape of cybersecurity, staying informed about vulnerabilities and updates is paramount for Windows users. A recent notification from the Microsoft Security Response Center (MSRC) concerning CVE-2024-5535 highlights a significant buffer overread vulnerability in OpenSSL...