CWE-131

Total CVEs: 37
Critical: 11
High: 16
Avg CVSS: 7.9

Yearly Trend

2026: 4
2025: 11
2024: 12
2023: 4
2022: 1

Top Affected Vendors

1. Linux: 4
2. IBM: 3
3. PHP: 2
4. OpenBSD: 2
5. Qualcomm: 2
6. Accusoft: 2
7. AIS-catcher: 1
8. QuickJS Project: 1
9. Google: 1
10. libbiosig Project: 1

All CWE-131 CVEs (37)

CVE-2024-23621
10.0

A critical buffer overflow vulnerability in IBM Merge Healthcare eFilm Workstation license server allows remote, unauthenticated attackers to execute ...

Jan 26, 2024
CVE-2026-1188
9.8

CVE-2026-1188 is a buffer overflow vulnerability in Eclipse OMR's port library component where an API function fails to properly account for separator...

Jan 29, 2026
CVE-2025-66216
9.8

A heap buffer overflow vulnerability in AIS-catcher allows attackers to write approximately 1KB of arbitrary data into a 128-byte buffer, potentially ...

Nov 29, 2025
CVE-2025-1861
9.8

This CVE describes a buffer size limitation vulnerability in PHP's HTTP redirect parsing. When PHP processes HTTP redirect responses, it truncates loc...

Mar 30, 2025
CVE-2024-23606
9.8

This vulnerability allows arbitrary code execution via an out-of-bounds write in libbiosig's FAMOS file parser. Attackers can exploit it by providing ...

Feb 20, 2024
CVE-2023-5941
9.8

A heap buffer overflow vulnerability in FreeBSD's libc stdio function __sflush() allows attackers to corrupt data or execute arbitrary code when write...

Nov 8, 2023
CVE-2023-24819
9.8

CVE-2023-24819 is a critical buffer overflow vulnerability in RIOT-OS's 6LoWPAN network stack that allows remote attackers to execute arbitrary code o...

Apr 24, 2023
CVE-2021-21824
9.8

This vulnerability allows an attacker to execute arbitrary code by exploiting an out-of-bounds write in Accusoft ImageGear's JPG processing. Attackers...

Jun 11, 2021
CVE-2021-0254
9.8

This is a critical buffer overflow vulnerability in Juniper Junos OS overlayd service that handles VXLAN overlay OAM packets. Unauthenticated remote a...

Apr 22, 2021
CVE-2021-27378
9.8

This vulnerability in the rand_core Rust crate allows attackers to seed random number generators with insufficient data, potentially compromising cryp...

Feb 18, 2021
CVE-2023-50736
9.0

A memory corruption vulnerability in the PostScript interpreter of Lexmark devices allows attackers to execute arbitrary code. This affects various Le...

Feb 28, 2024
CVE-2025-27074
8.8

This vulnerability involves memory corruption while processing a GP command response in Qualcomm components, potentially allowing attackers to execute...

Nov 4, 2025
CVE-2021-21793
8.8

This vulnerability allows remote code execution through memory corruption when processing malicious JPG files in Accusoft ImageGear. Attackers can exp...

Jul 8, 2021
CVE-2025-27053
7.8

This vulnerability allows memory corruption in Qualcomm's PlayReady APP implementation when processing TA commands, potentially enabling arbitrary cod...

Oct 9, 2025
CVE-2017-13315
7.8

CVE-2017-13315 is an Android privilege escalation vulnerability in the DcParamObject.java component where a write size mismatch allows attackers to by...

Nov 19, 2024
CVE-2024-46729
7.8

CVE-2024-46729 is a buffer overrun vulnerability in the AMD display driver component of the Linux kernel. It allows attackers to potentially exec...

Sep 18, 2024
CVE-2021-46943
7.8

A vulnerability in the Linux kernel's Intel IPU3 media driver allows attackers to cause a denial-of-service (system crash) or potentially execute arbi...

Feb 27, 2024
CVE-2026-20049
7.7

This vulnerability allows authenticated remote attackers to cause denial of service on Cisco ASA and FTD firewalls by sending specially crafted GCM-en...

Mar 4, 2026
CVE-2024-11425
7.5

An unauthenticated attacker can send a specially crafted HTTPS packet to the webserver, causing a buffer size calculation error that leads to a denial...

Jan 17, 2025
CVE-2024-8361
7.5

A vulnerability in SiWx91x devices causes the SHA2/224 algorithm to return an incorrect 256-bit hash instead of the expected 224-bit hash, triggering ...

Jan 7, 2025
CVE-2024-5000
7.5

An unauthenticated remote attacker can send a malicious OPC UA request to CODESYS products, causing a denial-of-service (DoS) due to incorrect buffer ...

Jun 4, 2024
CVE-2023-52557
7.5

This vulnerability in OpenBSD's npppd (Point-to-Point Protocol daemon) allows remote attackers to cause a denial of service by sending specially craft...

Mar 1, 2024
CVE-2024-23805
7.5

This vulnerability allows undisclosed requests to cause the Traffic Management Microkernel (TMM) to terminate, leading to denial of service. It affect...

Feb 14, 2024
CVE-2023-45871
7.5

A buffer overflow vulnerability exists in the Intel IGB Ethernet driver in Linux kernels before 6.5.3. When processing frames larger than the configur...

Oct 15, 2023
CVE-2023-0568
7.5

A buffer overflow vulnerability in PHP's path resolution function allows writing a null byte beyond allocated memory when processing paths near system...

Feb 16, 2023
CVE-2021-44510
7.5

CVE-2021-44510 is a buffer overflow vulnerability in FIS GT.M (and related YottaDB) where crafted input causes an extremely large memset calculation, ...

Apr 15, 2022
CVE-2021-22391
7.5

This vulnerability in Huawei smartphones involves an incorrect buffer size calculation that could allow attackers to trigger a system reset. It affect...

Aug 2, 2021
CVE-2026-22791
6.6

openCryptoki versions 3.25.0 and 3.26.0 contain a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation. An attacker with loc...

Jan 13, 2026
CVE-2025-33124
6.5

IBM DB2 Merge Backup contains an incorrect buffer size calculation vulnerability that allows authenticated users to crash the program. This affects IB...

Feb 17, 2026
CVE-2025-33126
6.5

This CVE describes an incorrect buffer size calculation vulnerability in IBM DB2 High Performance Unload that could allow authenticated users to cause...

Oct 28, 2025
CVE-2025-30334
6.5

A vulnerability in OpenBSD's wg(4) WireGuard implementation allows specially crafted network traffic to cause a kernel crash (denial of service). This...

Mar 20, 2025
CVE-2024-49776
6.5

A negative-size-param vulnerability in tsMuxer allows attackers to cause Denial of Service (DoS) by processing a specially crafted TS video file. This...

Nov 14, 2024
CVE-2025-0395
6.2

A buffer overflow vulnerability exists in the GNU C Library's assert() function when assertion failures occur with specific message sizes. This could ...

Jan 22, 2025
CVE-2025-46688
5.6

This vulnerability is a heap-based buffer overflow in QuickJS and quickjs-ng JavaScript engines due to incorrect size calculation in JS_ReadBigInt for...

Apr 27, 2025
CVE-2022-48889
5.5

This CVE describes a buffer overflow vulnerability in the Linux kernel's ASoC Intel sof-nau8825 driver where module alias names exceed the 20-characte...

Aug 21, 2024
CVE-2024-28052
5.3

CVE-2024-28052 is a buffer overflow vulnerability in the WBR-6012 wireless SOHO router's web interface. Attackers can exploit this by sending speciall...

Oct 30, 2024
CVE-2025-61661
4.8

A vulnerability in GRUB bootloader allows local attackers to cause denial of service by connecting malicious USB devices during boot. The flaw involve...

Nov 18, 2025

About CWE-131

Our database tracks 37 CVEs classified as CWE-131, with 11 rated critical and 16 rated high severity. The average CVSS score for CWE-131 vulnerabilities is 7.9.
