| Windows NTFS integer underflow enabling kernel privilege escalation (reverse-engineering writeup) |
CVE-2021-31956 |
No |
Stack exhaustion in Libc posix_spawnp() via an oversized PATH |
CVE-2025-43295 |
Yes |
Stack buffer overflow in Libc setsourcefilter() via an unvalidated ss_len |
CVE-2025-43299 |
Yes |
Heap buffer overflow in Libinfo clnt_sperror() |
CVE-2025-43353 |
Yes |
Static path buffer overflow in rpcgen’s -Y option |
CVE-2025-43370 |
Yes |
Stack buffer overflow in rpcgen’s get_prog_declaration() |
CVE-2025-43375 |
Yes |
Remote pre-authentication global buffer overflow in LLDB’s debugserver |
CVE-2025-43504 |
Yes |
| Signed integer overflow to heap corruption in gm4’s frozen state loader |
CVE-2025-43505 |
Yes |
| Out-of-bounds heap read in Safari’s Web Audio resampler |
CVE-2026-20652 |
Yes |
| macOS TCC bypass via custom file-extension ownership |
CVE-2026-28845 |
Yes |
TOCTOU race in JavaScriptCore’s TypedArray toReversed() and toSorted() |
CVE-2026-28857 |
Yes |
| Out-of-bounds read in otool via a crafted universal binary |
CVE-2026-28890 |
Yes |
TOCTOU heap buffer overflow in JavaScriptCore’s TypedArray.prototype.with() |
CVE-2026-28902 |
Yes |
| XNU kernel heap information disclosure via uninitialized CMSG padding |
CVE-2026-43654 |
Yes |
| Out-of-bounds heap read in WebKit’s Yarr JIT via a Unicode backreference |
CVE-2026-43740 |
Yes |