CWE-126— Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.— MITRE CWE catalog
451 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-126page 8 of 10
- CVE-2025-27065HIGHCVSS 7.5EG 7.52025-08-06
Transient DOS while processing a frame with malformed shared-key descriptor.
- CVE-2025-27068HIGHCVSS 7.8EG 7.82025-08-06
Memory corruption while processing an IOCTL command with an arbitrary address.
- CVE-2025-29956MEDIUMCVSS 5.4EG 5.42025-05-13
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
- CVE-2025-32052MEDIUMCVSS 6.5EG 6.52025-04-03
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
- CVE-2025-32053MEDIUMCVSS 6.5EG 6.52025-04-03
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
- CVE-2025-32704HIGHCVSS 8.4EG 8.42025-05-13
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-36855HIGHCVSS 8.8EG 8.82025-09-08
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product rea…
- CVE-2025-4207MEDIUMCVSS 5.9EG 5.92025-05-08
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and …
- CVE-2025-4582HIGHCVSS 7.1EG 7.12025-09-23
Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.…
- CVE-2025-47295LOWCVSS 3.7EG 3.72025-05-28
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, unde…
- CVE-2025-47317HIGHCVSS 7.8EG 7.82025-09-24
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
- CVE-2025-47318HIGHCVSS 7.5EG 7.52025-09-24
Transient DOS while parsing the EPTM test control message to get the test pattern.
- CVE-2025-47326HIGHCVSS 7.5EG 7.52025-09-24
Transient DOS while handling command data during power control processing.
- CVE-2025-47328HIGHCVSS 7.5EG 7.52025-09-24
Transient DOS while processing power control requests with invalid antenna or stream values.
- CVE-2025-47330MEDIUMCVSS 5.5EG 5.52026-01-07
Transient DOS while parsing video packets received from the video firmware.
- CVE-2025-47331MEDIUMCVSS 6.1EG 6.12026-01-07
Information disclosure while processing a firmware event.
- CVE-2025-47362MEDIUMCVSS 6.1EG 6.12025-11-04
Information disclosure while processing message from client with invalid payload.
- CVE-2025-47368HIGHCVSS 7.8EG 7.82025-11-04
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
- CVE-2025-47390HIGHCVSS 7.8EG 7.82026-04-06
Memory corruption while preprocessing IOCTL request in JPEG driver.
- CVE-2025-47395MEDIUMCVSS 6.5EG 6.52026-01-07
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
- CVE-2025-47400HIGHCVSS 7.1EG 7.12026-04-06
Cryptographic issue while copying data to a destination buffer without validating its size.
- CVE-2025-47401MEDIUMCVSS 6.5EG 6.52026-05-04
Transient DOS when processing target power rate tables during channel configuration.
- CVE-2025-47402MEDIUMCVSS 6.5EG 6.52026-02-02
Transient DOS when processing a received frame with an excessively large authentication information element.
- CVE-2025-47403MEDIUMCVSS 6.5EG 6.52026-05-04
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
- CVE-2025-47406MEDIUMCVSS 6.1EG 6.12026-05-04
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
- CVE-2025-47971HIGHCVSS 7.8EG 7.82025-07-08
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-47973HIGHCVSS 7.8EG 7.82025-07-08
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-49659HIGHCVSS 7.8EG 7.82025-07-08
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
- CVE-2025-49684MEDIUMCVSS 5.5EG 5.52025-07-08
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
- CVE-2025-53736MEDIUMCVSS 6.8EG 6.82025-08-12
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53796MEDIUMCVSS 6.5EG 6.52025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53797MEDIUMCVSS 6.5EG 6.52025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53798MEDIUMCVSS 6.5EG 6.52025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53806MEDIUMCVSS 6.5EG 6.52025-09-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-54901MEDIUMCVSS 5.5EG 5.52025-09-09
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2025-55081CRITICALCVSS 9.1EG 9.12025-10-15
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method l…
- CVE-2025-55083MEDIUMCVSS 5.3EG 5.32025-10-15
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
- CVE-2025-55084MEDIUMCVSS 5.3EG 5.32025-10-16
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
- CVE-2025-55090MEDIUMCVSS 6.5EG 6.52025-10-16
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.
- CVE-2025-55091MEDIUMCVSS 6.5EG 6.52025-10-16
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.
- CVE-2025-55092MEDIUMCVSS 5.3EG 5.32025-10-17
In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing an IPv4 packet with the timestamp option.
- CVE-2025-55093MEDIUMCVSS 5.3EG 5.32025-10-17
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP messages that could cause corruption of 4 bytes o…
- CVE-2025-55325MEDIUMCVSS 5.5EG 5.52025-10-14
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
- CVE-2025-59192HIGHCVSS 7.8EG 7.82025-10-14
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-59609MEDIUMCVSS 5.5EG 5.52026-06-01
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
- CVE-2025-59933HIGHCVSS 7.8EG 7.82025-09-29
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when pa…
- CVE-2025-60003HIGHCVSS 7.5EG 7.52026-01-15
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives…
- CVE-2025-60720HIGHCVSS 7.8EG 7.82025-11-11
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
- CVE-2025-60729MEDIUMCVSS 5.3EG 5.32025-10-24
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
- CVE-2025-62461HIGHCVSS 7.8EG 7.82025-12-09
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
Map vulnerabilities like CWE-126 to your infrastructure
EchelonGraph correlates every CVE — across CWE-126 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →