| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2025-10585 | 8.8 | high |
CVE-2025-10585. Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
| CVE-2017-14919 | 7.5 | high |
CVE-2017-14919. Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
|
| CVE-2022-37434 | 9.8 | critical |
CVE-2022-37434. zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
|
| CVE-2026-22184 | 0.0 | unknown |
CVE-2026-22184. zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
|
| CVE-2016-9842 | 8.8 | high |
CVE-2016-9842. The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
|
| CVE-2023-45853 | 9.8 | critical |
CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
|
| CVE-2016-9840 | 8.8 | high |
CVE-2016-9840. inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
| CVE-2018-25032 | 7.5 | high |
CVE-2018-25032. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
|
| CVE-2005-2096 | 7.3 | high |
CVE-2005-2096. zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
|
| CVE-2016-9841 | 9.8 | critical |
CVE-2016-9841. inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
| CVE-2025-13223 | 8.8 | high |
CVE-2025-13223. Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
| Vendor | Product | Asset Type | Purdue Level | Firmware |
|---|---|---|---|---|
| Siemens | Unknown | plc |
L1
|
-- |
| Siemens | Unknown | plc |
L1
|
-- |
| Siemens | Unknown | plc |
L1
|
-- |
| Siemens | Unknown | plc |
L1
|
-- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |
| Siemens | Unknown | network_device | -- | -- |