By weakness (CWE)

CWE-122: related vulnerabilities

CVEs classified under CWE-122. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

18 published vulnerabilities

  • CVE-2026-10989HIGH 8.8

    A flaw in Google Chrome's V8 JavaScript engine allows attackers to corrupt memory on a victim's computer through a specially crafted web page, but only if the user performs specific interactions with the page. The vulnerability requires user action and comes from an inappropriate implementation in Chrome versions before 149.0.7827.53. Once exploited, an attacker could read sensitive data, modify files, or crash the browser.

  • CVE-2026-10995HIGH 8.8

    A heap buffer overflow vulnerability exists in Google Chrome's TabStrip component that could allow an attacker to corrupt memory on a user's system. The attack requires convincing a user to perform specific gestures while viewing a malicious webpage. While Chromium's maintainers classified this as medium severity, the actual impact—potential code execution with high integrity and confidentiality compromise—warrants close attention from security teams.

  • CVE-2026-44420HIGH 8.8

    FreeRDP, a widely-used open-source Remote Desktop Protocol implementation, contains a flaw in its clipboard handling that allows an authenticated attacker to crash the RDP server or potentially execute arbitrary code. A malicious RDP client can send a specially crafted clipboard message with an invalid size parameter, causing the server to write past the bounds of allocated memory. This affects FreeRDP versions prior to 3.26.0. The vulnerability requires valid RDP credentials to exploit, limiting the attack surface to authenticated threat actors.

  • CVE-2026-44421HIGH 8.8

    FreeRDP, an open-source Remote Desktop Protocol client, contains a memory safety flaw that can be exploited by a malicious RDP server. When a FreeRDP client connects to an attacker-controlled server with graphics acceleration enabled, the attacker can send specially crafted network packets that trigger a heap buffer overflow during graphics operations. This memory corruption can crash the client or potentially allow remote code execution on the user's machine. The vulnerability requires user interaction (initiating an RDP connection) but does not require authentication, making it a practical attack vector against organizations that rely on remote desktop functionality.

  • CVE-2026-10929HIGH 8.3

    A memory safety flaw in ANGLE (the graphics abstraction layer used by Chrome) allows an attacker who has already compromised Chrome's sandboxed renderer process to escape that sandbox and gain full system access on Android devices. The attacker must trick a user into visiting a malicious webpage. This affects Chrome versions prior to 149.0.7827.53 on Android.

  • CVE-2026-10949HIGH 8.3

    A heap buffer overflow vulnerability in Google Chrome's video handling component allows an attacker who has already compromised Chrome's renderer process to escape the browser sandbox and gain system-level access. The attacker would need to craft a malicious HTML page to trigger the overflow, but exploitation requires the renderer to be already compromised—making this a post-compromise escape vector rather than a direct attack from an untrusted webpage. Chrome versions before 149.0.7827.53 are vulnerable on Windows, macOS, and Linux systems.

  • CVE-2026-0059HIGH 8.0

    A heap buffer overflow vulnerability in Android's SDP (Session Description Protocol) discovery module allows an attacker on the same network segment to execute code with the privileges of the affected process. No user action is required, and the attacker needs only basic network access—the flaw can be triggered remotely through specially crafted SDP packets. This is a serious local/adjacent network attack vector that bypasses normal authentication and user interaction requirements.

  • CVE-2026-20452HIGH 8.0

    A heap buffer overflow vulnerability exists in MediaTek's wireless LAN access point driver that allows a nearby attacker with local user privileges to corrupt memory and achieve remote code execution. The flaw requires the attacker to be on the same local network segment but does not require any user interaction to trigger. Exploitation would grant the attacker the same privilege level as the user running the affected driver—typically limited, but sufficient to compromise the integrity and confidentiality of the device.

  • CVE-2026-0100HIGH 7.8

    A heap buffer overflow vulnerability exists in Android's resource loading code (LoadedArsc.cpp) that allows a local attacker with standard user privileges to write data beyond the intended buffer boundaries. This memory corruption can be exploited to gain elevated system privileges without requiring special permissions or user interaction, making it a serious local privilege escalation vector.

  • CVE-2026-10946HIGH 7.5

    Google Chrome versions before 149.0.7827.53 contain a heap buffer overflow vulnerability in its media processing component. An attacker can exploit this by hosting a specially crafted HTML page and convincing a user to interact with it in specific ways—such as clicking, dragging, or performing other UI gestures. If successful, the attacker gains the ability to run arbitrary code, but crucially, that code executes within Chrome's sandbox, limiting lateral damage to the user's system. The vulnerability requires active user involvement, which raises the bar for exploitation but remains a meaningful risk given how often users interact with web content.

  • CVE-2026-10993MEDIUM 6.5

    A heap buffer overflow vulnerability exists in Skia, the graphics rendering engine used by Google Chrome. By visiting a specially crafted webpage, an attacker can read sensitive data from Chrome's memory without requiring any special user permissions beyond clicking the link. The vulnerability affects Chrome versions before 149.0.7827.53 and has a CVSS severity rating of Medium.

  • CVE-2026-10194MEDIUM 6.3

    A heap-based buffer overflow exists in OFFIS DCMTK 3.7.0 within the query/retrieve service component (dcmqrscp). An authenticated attacker can trigger this flaw remotely by sending specially crafted requests to the image deletion function, potentially causing memory corruption, data loss, or service disruption. The vulnerability requires valid credentials to exploit but poses moderate risk in networked medical imaging environments where DCMTK is deployed.

  • CVE-2025-55664MEDIUM 5.5

    CVE-2025-55664 is a heap buffer overflow vulnerability in GPAC MP4Box version 2.4 that can be triggered when processing a specially crafted MP4 file. An attacker can exploit this by tricking a user into opening a malicious MP4 file, causing the application to crash or become unresponsive. This is a local, user-interaction-based attack that does not allow data theft or system compromise, but disrupts availability of the MP4Box tool.

  • CVE-2026-10200MEDIUM 5.3

    Assimp, a popular open-source 3D model import library, contains a heap-based buffer overflow vulnerability in its glTF file format parser. An attacker with local access to a system can craft a malicious glTF file with a specially crafted 4x4 matrix to overflow memory and trigger a crash, information disclosure, or potential code execution. The vulnerability affects Assimp versions up to 6.0.4 and has been publicly disclosed.

  • CVE-2026-10229MEDIUM 5.3

    Assimp, a widely-used 3D model import library, contains a heap-based buffer overflow in its Half-Life 1 MDL file loader. An attacker with local system access can craft a malicious .MDL file that, when processed by an application using vulnerable Assimp versions up to 6.0.4, triggers memory corruption. This could lead to information disclosure, data corruption, or process crash. The vulnerability requires local execution and has been publicly disclosed.

  • CVE-2026-10230MEDIUM 5.3

    Assimp, a popular open-source 3D model import library, contains a heap buffer overflow vulnerability in its Half-Life 1 MDL file loader. The vulnerability exists in the animation-reading function and can be triggered by a malicious or crafted MDL file. An attacker with local access can exploit this to read sensitive memory, modify data, or crash the application. The vulnerability affects Assimp versions up to 6.0.4.

  • CVE-2026-10231MEDIUM 5.3

    Assimp, a popular open-source 3D model importing library, contains a heap buffer overflow vulnerability in its Half-Life 1 MDL file loader. By crafting a malicious MDL file that manipulates the animation value counter, an attacker with local system access can trigger memory corruption. This flaw requires the attacker to be already present on the system and execute code that processes a specially crafted model file, making it a local-origin threat rather than a remote network attack.

  • CVE-2026-40528LOW 3.8

    OpenSC, a widely-used open-source library for working with smart cards and cryptographic tokens, contains a buffer overflow vulnerability in its profile configuration parser. When OpenSC's pkcs15-init tool processes a maliciously crafted configuration file, it can be tricked into copying more data than a buffer can hold, corrupting memory. An attacker would need local access to supply the malicious file and convince a user to run the initialization tool, but successful exploitation could allow memory corruption and potential code execution.