Threats Tagged 'cwe-129'

CVE-2026-32682 is a medium severity vulnerability in F5 NGINX Gateway Fabric version 1.3.0. It involves improper validation of array indexes (CWE-129) when the product is configured using GRPCRoutes. An authenticated remote attacker with permission to create or modify GRPCRoute resources can cause the control plane to terminate by submitting crafted GRPCRoute configurations containing backendRef filters. No patch or official remediation is currently documented.

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVE-2026-25276 is a high-severity vulnerability in Qualcomm Snapdragon platforms involving improper validation of array index, leading to memory corruption when using Strongbox due to a missing bounds check. It affects multiple Snapdragon 8 series mobile platforms. The vulnerability has a CVSS score of 8.8, indicating a significant risk to confidentiality, integrity, and availability. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.

CVE-2026-42500 is a medium severity vulnerability in the golang.org/x/image/bmp package where decoding a paletted BMP file with an out-of-range palette index causes a panic due to improper validation of the array index. This results in a denial of service condition by crashing the image decoding process. There is no indication of confidentiality, integrity, or privilege impact. No patch or official remediation has been confirmed yet.