CVE-2026-6920 is not just another line item in Chrome’s fast-moving security ledger; it is a sharp reminder that browser GPU pipelines remain one of the most sensitive attack surfaces in modern computing. The flaw, described as an out-of-bounds read in the GPU component of Google Chrome on...
CVE-2026-23447 is a narrow Linux kernel bug with broader implications for anyone running USB networking stacks on affected systems. The flaw sits in the cdc_ncm driver’s NDP32 verification path, where the kernel failed to account for ndpoffset when checking the bounds of the descriptor pointer...
CVE-2026-31497 is a small Linux kernel Bluetooth bug with outsized meaning for maintainers and downstream vendors. The issue sits in the btusb driver, where the kernel maps the number of active SCO links to USB alternate settings through a fixed lookup table, but failed to clamp the index before...
CVE-2026-31512 is a small-looking Linux kernel flaw with the kind of security significance that only packet-processing code can really deliver. The issue sits in the Bluetooth L2CAP path, where l2cap_ecred_data_rcv() can read the SDU length field before first confirming that the incoming skb...
A malformed cluster-bus packet in Valkey can crash the server process and trigger a remote denial-of-service condition unless operators apply the vendor patch or isolate the cluster bus interface, a weakness tracked as CVE-2026-21863 and disclosed by the Valkey maintainers and vulnerability...
A subtle bounds-checking bug in GNU Binutils’ VMS debugging parser can be coaxed into reading past its intended buffer, producing crashes and potential information disclosure that operators should treat as a real risk when processing untrusted object files or debug sections. This flaw — tracked...
A small but important Linux kernel networking bug — tracked as CVE‑2025‑40252 — was fixed upstream after a static-analysis finding showed a potential out‑of‑bounds read in the QLogic QEDE driver. The vulnerable code lived in two packet-aggregation helper routines, qede_tpa_cont and qede_tpa_end...
A newly disclosed vulnerability in Windows Routing and Remote Access Service (RRAS) — tracked as CVE-2025-53806 in the Microsoft Security Response Center entry provided by the reporter — is an out‑of‑bounds read / buffer over‑read that can allow an attacker to obtain memory contents from an...
CVE-2025-55225 is an out‑of‑bounds read (information‑disclosure) vulnerability in the Windows Routing and Remote Access Service (RRAS) that can allow a remote attacker to cause RRAS to return memory contents it should not disclose.
Overview
What it is: an out‑of‑bounds read /...
A newly disclosed Microsoft Excel vulnerability tracked as CVE-2025-54902 is an out‑of‑bounds read flaw in Excel’s file‑parsing logic that Microsoft warns could allow an attacker to achieve code execution on a targeted machine when a user opens a specially crafted spreadsheet, and organizations...
Microsoft’s security tracker lists CVE-2025-54898 as an out-of-bounds read vulnerability in Microsoft Excel that can be triggered by a crafted spreadsheet and may allow an attacker to achieve local code execution when a user opens a malicious file.
Background
Microsoft Excel remains one of the...
CVE-2025-54097 — Windows RRAS Information‑Disclosure Vulnerability
An in‑depth feature for security teams and administrators
Summary
What it is: An out‑of‑bounds read in the Windows Routing and Remote Access Service (RRAS) that can cause RRAS to disclose contents of memory to a remote...
Microsoft’s Security Response Center lists CVE-2025-54095 as an out-of-bounds read in the Windows Routing and Remote Access Service (RRAS) that can disclose memory contents to a remote attacker over the network.
Background / Overview
Routing and Remote Access Service (RRAS) is a long‑standing...
Microsoft has published an advisory for CVE-2025-54096, a vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows an out-of-bounds read and can be abused by a remote attacker to disclose sensitive information over a network — a high-priority fix for any server running...
Microsoft’s security team has published an advisory for an information‑disclosure bug in the Windows Routing and Remote Access Service (RRAS) — tracked as CVE‑2025‑53797 — describing an out‑of‑bounds / uninitialized‑resource read that can allow an attacker to obtain memory contents across the...
A series of newly discovered vulnerabilities in Rockwell Automation’s Arena simulation software have jolted the industrial software ecosystem, underscoring the persistent security challenges faced by critical manufacturing sectors worldwide. Carrying a high CVSS v4 base score of 8.4, these...
The cybersecurity landscape remains in a state of constant flux, and the importance of timely response to emergent vulnerabilities has never been higher. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) made a significant update to its Known Exploited Vulnerabilities (KEV)...
Siemens Solid Edge SE2025, widely deployed in critical manufacturing and engineering environments across the globe, has come under recent scrutiny following the disclosure of several significant vulnerabilities that could potentially compromise system integrity and user security. The urgency...
A critical security vulnerability, designated CVE-2025-49696, has recently been identified in Microsoft Office. This flaw, stemming from an out-of-bounds read error, allows unauthorized attackers to execute arbitrary code on affected systems. Given the widespread use of Microsoft Office in...
In the ever-evolving landscape of cybersecurity, vulnerabilities within virtualization platforms like Microsoft's Hyper-V pose significant risks to enterprise environments. A recent disclosure, identified as CVE-2025-48822, highlights a critical flaw in Hyper-V's Discrete Device Assignment (DDA)...