CWE-125 (跨界内存读) — Vulnerability Class 2871

2871 vulnerabilities classified as CWE-125 (跨界内存读). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-21303	Substance3D - Modeler \| Out-of-bounds Read (CWE-125) — Substance3D - Modeler	5.5	Medium	2026-01-13
CVE-2026-21302	Substance3D - Modeler \| Out-of-bounds Read (CWE-125) — Substance3D - Modeler	5.5	Medium	2026-01-13
CVE-2026-21308	Substance3D - Designer \| Out-of-bounds Read (CWE-125) — Substance3D - Designer	5.5	Medium	2026-01-13
CVE-2026-21278	InDesign Desktop \| Out-of-bounds Read (CWE-125) — InDesign Desktop	5.5	Medium	2026-01-13
CVE-2026-20936	Windows NDIS Information Disclosure Vulnerability — Windows 10 Version 1607	4.3	Medium	2026-01-13
CVE-2026-20946	Microsoft Excel Remote Code Execution Vulnerability — Microsoft 365 Apps for Enterprise	7.8	High	2026-01-13
CVE-2026-20944	Microsoft Word Remote Code Execution Vulnerability — Microsoft 365 Apps for Enterprise	8.4	High	2026-01-13
CVE-2026-20851	Capability Access Management Service (camsvc) Information Disclosure Vulnerability — Windows 11 Version 24H2	6.2	Medium	2026-01-13
CVE-2026-20835	Capability Access Management Service (camsvc) Information Disclosure Vulnerability — Windows 11 Version 24H2	5.5	Medium	2026-01-13
CVE-2026-20829	TPM Trustlet Information Disclosure Vulnerability — Windows 10 Version 1809	5.5	Medium	2026-01-13
CVE-2026-20828	Windows rndismp6.sys Information Disclosure Vulnerability — Windows 10 Version 1607	4.6	Medium	2026-01-13
CVE-2026-22801	LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* — libpng	6.8	Medium	2026-01-12
CVE-2026-22695	LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix) — libpng	6.1	Medium	2026-01-12
CVE-2025-15506	AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds — OpenColorIO	3.3	Low	2026-01-11
CVE-2025-53470	Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver — Apache Mynewt NimBLE	6.5	-	2026-01-10
CVE-2026-22023	CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern — CryptoLib	9.1	-	2026-01-10
CVE-2026-21900	CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern — CryptoLib	9.1	-	2026-01-10
CVE-2026-21899	CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string — CryptoLib	4.7	Medium	2026-01-10
CVE-2026-21898	CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity — CryptoLib	8.2	High	2026-01-10
CVE-2026-22185	OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline() — OpenLDAP	7.1	-	2026-01-07
CVE-2025-15382	Client SCP Request Triggers Buffer Overread by 1 Byte — wolfSSH	8.1	-	2026-01-06
CVE-2026-21489	iccDEV has Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) — iccDEV	6.1	Medium	2026-01-06
CVE-2025-10933	Silicon Labs Z-Wave Protocol Controller Integer underflow vulnerability leads to out of bounds read — Z-Wave Protocol Controller	9.1	-	2026-01-05
CVE-2025-52871	License Center — License Center	7.5	-	2026-01-02
CVE-2025-54166	QTS, QuTS hero — QTS	4.9	-	2026-01-02
CVE-2025-54165	QTS, QuTS hero — QTS	4.9	-	2026-01-02
CVE-2025-54164	QTS, QuTS hero — QTS	4.9	-	2026-01-02
CVE-2025-15412	WebAssembly wabt wasm-decompile VarName out-of-bounds — wabt	5.3	Medium	2026-01-01
CVE-2025-68431	libheif has Potential Heap Buffer Over-Read — libheif	6.5	Medium	2025-12-29
CVE-2025-14177	Information Leak of Memory in getimagesize — PHP	9.1	-	2025-12-27

Vulnerabilities classified as CWE-125 (跨界内存读) represent 2871 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-125 (跨界内存读) — Vulnerability Class 2871