By weakness (CWE)

CWE-125: related vulnerabilities

CVEs classified under CWE-125. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

26 published vulnerabilities

  • CVE-2026-10941HIGH 8.8

    A memory access vulnerability in the Skia graphics engine used by Google Chrome allows attackers to run malicious code within Chrome's sandbox by tricking users into visiting a specially crafted webpage. The attack requires user interaction (clicking a link or visiting a site) but needs no special privileges. While the code runs in a sandbox environment, successful exploitation could compromise data confidentiality, integrity, and availability within that isolated context.

  • CVE-2026-10017HIGH 8.3

    A memory read vulnerability exists in Google Chrome's Headless mode that could allow an attacker to escape the browser's security sandbox. If an attacker first compromises the renderer process—the part of Chrome that interprets web pages—they could craft a malicious HTML page to trigger an out-of-bounds read, potentially breaking out of the sandbox and gaining broader system access. This vulnerability requires the renderer to already be compromised, which is a significant precondition, but the consequence of successful exploitation is severe.

  • CVE-2026-10889HIGH 8.3

    A memory reading flaw in Chrome's ANGLE graphics library can let an attacker who has already gained control of the browser's rendering process break out of the Chrome sandbox and access the underlying system. The attack requires a specially crafted web page and user interaction, but once the renderer is compromised, this vulnerability opens a direct path to full system compromise. Chrome versions before 149.0.7827.53 are affected.

  • CVE-2026-10927HIGH 8.3

    A memory reading flaw in Google Chrome's graphics component (Dawn) prior to version 149.0.7827.53 allows attackers who have already compromised the browser's renderer process to escape the sandbox through a specially crafted webpage. This is a two-stage attack: first an attacker must find a way into the renderer, then this vulnerability allows them to break out entirely.

  • CVE-2026-10930HIGH 8.1

    An out-of-bounds read vulnerability in ANGLE (the graphics translation layer used by Chrome on macOS) allows attackers to read sensitive memory from your system by tricking you into visiting a malicious website. The flaw affects Chrome versions before 149.0.7827.53 on Apple macOS. While the attacker cannot directly modify data or take control of your system through this specific vulnerability, they can extract confidential information—including passwords, encryption keys, or other sensitive data stored in memory—and cause Chrome to crash.

  • CVE-2026-11015HIGH 8.1

    A memory reading flaw in Google Chrome's WebGPU component allows attackers to read data outside the intended memory boundaries when a user visits a specially crafted website. The vulnerability requires user interaction (visiting a malicious page) but does not require special privileges, and while the attacker cannot modify data or directly crash the browser, they can extract sensitive information from the process's memory—such as passwords, keys, or other confidential data stored there.

  • CVE-2026-46138HIGH 8.1

    A flaw in the Linux kernel's Bluetooth event handler can cause the kernel to read memory beyond the bounds of a data structure and enter an infinite loop. The vulnerability occurs when a Bluetooth controller sends a specific event (LE_Create_BIG_Complete) with mismatched or insufficient data. An attacker with local or adjacent network access to a vulnerable system could exploit this to cause a denial of service by freezing the kernel with a lock held, making the system unresponsive.

  • CVE-2025-41278HIGH 7.8

    A memory read vulnerability exists in Waterfall Security's WF-500 RX Host (version 7.10.0.0 R2601141040) that allows an attacker with access to the TX Host to execute arbitrary code. The flaw stems from improper memory access controls, enabling an authenticated insider to move laterally within the Waterfall appliance and gain control of the receive-side components. This is a serious concern for organizations using Waterfall's unidirectional security gateways, as it undermines the trust boundary between the TX and RX sides of the architecture.

  • CVE-2026-0076HIGH 7.8

    CVE-2026-0076 is a local privilege escalation vulnerability in Android's ResourceTypes.cpp component. An attacker with local access to a device can trigger an out-of-bounds memory read through a flawed bounds check in the validateNode function. Successful exploitation allows the attacker to escalate privileges without requiring additional permissions or user interaction, potentially gaining elevated system access.

  • CVE-2026-38570HIGH 7.5

    CVE-2026-38570 is a denial-of-service vulnerability in bacnet_stack version 1.3.1 that stems from an out-of-bounds read flaw in the bacnet_tag_number_decode function. An attacker can trigger this flaw remotely without authentication to crash or hang systems running the vulnerable library, disrupting BACnet (Building Automation and Control Networks) operations. The vulnerability does not enable data theft or system compromise, but availability impact is significant in industrial and building automation environments where BACnet is critical infrastructure.

  • CVE-2026-39929HIGH 7.5

    Lakeside SysTrack Agent contains a vulnerability that allows an attacker on the network to crash the application by sending a malicious UDP packet. No authentication is required, and the attack does not require user interaction. The vulnerability affects multiple recent versions of the agent and results in denial of service, making it a significant availability risk for organizations relying on SysTrack for endpoint management and monitoring.

  • CVE-2026-46133HIGH 7.5

    A flaw in the Linux kernel's RDMA/rxe (Soft RoCE) driver allows an unauthenticated attacker to crash the system by sending a specially crafted UDP packet with an invalid opcode. The vulnerability exists in how the driver validates incoming packets before processing checksums. When a packet uses an undefined opcode value, the driver fails to properly validate packet length, leading to an out-of-bounds memory read that triggers a kernel panic. An attacker needs only network access to the RDMA port and can exploit this without authentication, credentials, or any prior connection setup.

  • CVE-2026-46130HIGH 7.1

    A bug in the Linux kernel's dm-verity-fec (forward error correction) component can cause it to read data from outside the intended memory buffer. This occurs when parity bytes used to verify disk integrity are split across storage blocks in a specific way. Under certain non-default configurations and low-memory conditions, the code attempts to access more data than is available, leading to potential information disclosure or system instability. The issue only manifests with particular combinations of error correction parameters and buffer allocation scenarios.

  • CVE-2026-46140HIGH 7.1

    A flaw in the Linux kernel's Bluetooth driver (btmtk) fails to verify that incoming firmware responses contain sufficient data before reading from them. If a Bluetooth device sends a truncated or malformed response, the kernel code will read beyond the valid data boundaries, potentially exposing sensitive kernel memory. A local attacker with Bluetooth access could exploit this to leak information or crash the system.

  • CVE-2025-70101MEDIUM 6.5

    CVE-2025-70101 is a memory safety flaw in the lwext4 library, a lightweight ext4 filesystem implementation. When processing a specially crafted ext4 disk image, the library can read past the end of allocated memory due to missing validation checks. An attacker who tricks a user into opening a malicious filesystem image can trigger this out-of-bounds read, causing the application to crash. This is primarily a denial-of-service risk rather than a gateway to data theft or system compromise.

  • CVE-2026-10979MEDIUM 6.5

    A flaw in the ANGLE graphics library used by Google Chrome before version 149.0.7827.53 allows attackers to read memory outside intended bounds. An attacker can craft a malicious HTML page that, when visited by a user, extracts sensitive data from Chrome's process memory—such as authentication tokens, encryption keys, or other confidential information. Exploitation requires user interaction (clicking a link or visiting a site) but no special privileges.

  • CVE-2026-10985MEDIUM 6.5

    A flaw in Skia, the graphics rendering engine used by Google Chrome, allows attackers to read data they shouldn't have access to by crafting a malicious web page. When a user visits such a page, the browser's memory can leak information from other websites or origins, potentially exposing sensitive data. The attack requires user interaction—clicking a link or visiting a hostile site—but doesn't require any special browser permissions or configuration.

  • CVE-2026-10999MEDIUM 6.5

    An integer overflow vulnerability exists in ANGLE (a graphics abstraction layer) within Google Chrome on Windows. Before version 149.0.7827.53, this flaw could allow an attacker who already controls the Chrome renderer process to read sensitive data from memory by tricking a user into viewing a specially crafted webpage. The vulnerability requires user interaction (clicking a link or visiting a malicious site) but does not allow the attacker to modify data or crash the browser.

  • CVE-2026-11006MEDIUM 6.5

    A memory safety flaw in Google Chrome's Dawn graphics component (used for GPU rendering) allows attackers to read sensitive data from a user's memory by tricking them into visiting a specially crafted webpage. The vulnerability does not enable code execution or system crashes, but confidentiality is at risk. Chrome versions prior to 149.0.7827.53 are affected.

  • CVE-2026-10305MEDIUM 6.1

    Samsung's rlottie animation library contains a vulnerability that allows reading data beyond the intended buffer boundaries. When processing specially crafted animation files, the library may access memory it shouldn't, potentially exposing sensitive information or causing the application to crash. The issue stems from insufficient bounds checking during buffer operations. While the vulnerability requires user interaction (opening a malicious animation file) and is limited to local access, the combination of integrity impact and high availability risk warrants prompt attention.

  • CVE-2026-11004MEDIUM 5.3

    CVE-2026-11004 is a memory disclosure vulnerability in Google Chrome's ANGLE graphics library. An attacker who has already compromised Chrome's renderer process can craft a malicious HTML page to read sensitive data from the browser's memory. While this requires prior compromise of the renderer, the ability to extract potentially sensitive information makes it a meaningful security concern for organizations running Chrome.

  • CVE-2026-11005MEDIUM 5.3

    A flaw in ANGLE, the graphics abstraction layer used by Google Chrome on Windows, allows a remote attacker to read sensitive data from Chrome's renderer process memory. The attacker must first compromise the renderer process and trick a user into visiting a malicious webpage. Once those conditions are met, the attacker can extract potentially sensitive information from memory that they shouldn't have access to. This is an out-of-bounds read vulnerability—the code accesses memory locations it wasn't intended to reach.

  • CVE-2026-36613MEDIUM 4.3

    Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 leak sensitive internal memory to unauthenticated attackers on the same network. When an attacker sends HTTP POST requests to non-existent paths on the router's web interface, the device inadvertently returns 128 bytes of uninitialized buffer memory. This exposed data may contain router state information, configuration details, or other sensitive runtime values. The vulnerability requires physical or network adjacency—an attacker must be on the same local network segment—but no authentication or user interaction is needed to trigger it.

  • CVE-2026-10998MEDIUM 4.0

    CVE-2026-10998 is a memory safety issue in Google Chrome's media handling code that allows an attacker positioned on the same local network to read data from memory locations they shouldn't have access to. The vulnerability exists in Chrome versions before 149.0.7827.53. An attacker would need to send specially crafted network traffic to trigger an out-of-bounds read, which could potentially expose sensitive information resident in the browser's memory. This is a local-network-only threat, meaning the attacker must be on your network segment to exploit it.

  • CVE-2026-10233LOW 3.3

    Assimp, a popular open-source 3D model importing library, contains an out-of-bounds read vulnerability in its Half-Life 1 MDL file loader. When processing specially crafted MDL files, the vulnerability allows an attacker with local access to read memory outside intended boundaries. While the issue has been publicly disclosed, the impact is limited to information disclosure with no ability to modify or crash systems. This vulnerability requires local file system access and authenticated user privileges to trigger.

  • CVE-2026-10267LOW 3.3

    A flaw in the Janet programming language (version 1.41.0 and earlier) allows a local user to read memory beyond intended boundaries in the debug frame handling code. The vulnerability requires local system access and valid user credentials to exploit, but poses a confidentiality risk by enabling unauthorized disclosure of sensitive data in memory.