Out-of-Bounds Read

NVIDIA CUDA-Q is vulnerable to an out-of-bounds read via a maliciously crafted request to an endpoint, potentially leading to denial of service and information disclosure as tracked by CVE-2026-24189.

An out-of-bounds read vulnerability in Microsoft Office Excel (CVE-2026-32188) allows a local attacker to potentially disclose sensitive information through a maliciously crafted Excel file.

A vulnerability in the go-markdown library exists where processing a malformed input containing a '<' character that is not followed by a '>' character with a SmartypantsRenderer can lead to an out-of-bounds read or a panic, causing a denial of service.

An out-of-bounds read vulnerability (CVE-2026-27289) in Adobe Photoshop Desktop versions 27.4 and earlier allows for potential code execution via a crafted file, requiring user interaction to trigger the exploit.

A memory corruption vulnerability exists in NI LabVIEW due to an out-of-bounds read in mgcore_SH_25_3!aligned_free(), potentially leading to information disclosure or arbitrary code execution if a user opens a specially crafted VI file.

A memory corruption vulnerability due to an out-of-bounds read in NI LabVIEW's `sentry_transaction_context_set_operation()` function could lead to information disclosure or arbitrary code execution by opening a specially crafted VI file.

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability (CVE-2026-32929) in VS6ComFile!get_macro_mem_COM, where opening a crafted V7 file may lead to information disclosure.

V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in the VS6ComFile!load_link_inf function, allowing for potential information disclosure when opening a crafted V7 file.

Unauthenticated attackers can exploit CVE-2026-3055 (out-of-bounds read) to exfiltrate sensitive data from NetScaler ADC and Gateway, while CVE-2026-4368 (race condition) enables user session hijacking, necessitating immediate patching and enhanced monitoring.

RetroDebugger before v0.64.72 is vulnerable to an out-of-bounds read (CVE-2026-4753), potentially leading to information disclosure or denial of service.

CVE-2026-4750 is a critical out-of-bounds read vulnerability affecting fabiangreffrath woof versions before 15.3.0, potentially leading to information disclosure or denial of service.

A remote attacker can trigger an out-of-bounds memory read in Google Chrome's WebAudio implementation by crafting a malicious HTML page (CVE-2026-4677), affecting versions prior to 146.0.7680.165.

A remote attacker can exploit an out-of-bounds read vulnerability (CVE-2026-4674) in Google Chrome versions prior to 146.0.7680.165 to achieve out-of-bounds memory access via a crafted HTML page, impacting confidentiality, integrity, and availability.

CVE-2026-31613 is an out-of-bounds read vulnerability in the SMB client when parsing symlink error responses, requiring patching to prevent potential information disclosure or denial-of-service.

MikroTik RouterOS 6.49.8 is vulnerable to an out-of-bounds read in the SCEP endpoint component, triggered by remote manipulation of the transactionID/messageType argument, potentially leading to denial of service or information disclosure.