CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
We have discovered 5,946,357 live websites that are affected by CWE-125.
CVEs
- Count - 80
CWE References
Website Distribution by Country
Number of websites using CWE-125 United States | 1,580,611 websites |
 Russia | 740,399 websites |
 France | 445,878 websites |
 Germany | 414,859 websites |
 British Virgin Islands | 283,080 websites |
 China | 195,128 websites |
 Netherlands | 192,661 websites |
 GB | 177,246 websites |
 Italy | 127,611 websites |
 Taiwan | 124,524 websites |
Website Distribution by TLD
Number of websites using CWE-125| .com | 2,366,419 websites |
| .ru | 679,059 websites |
| .org | 247,175 websites |
| .net | 206,348 websites |
| .de | 197,810 websites |
| .fr | 162,808 websites |
| .nl | 148,916 websites |
| .com.br | 111,049 websites |
| .it | 110,033 websites |
| .co.uk | 105,549 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-125| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2026 | CVE-2026-28386 | Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support | 2,035 |
| Mar, 2026 | CVE-2026-33515 | Squid has issues in ICP message handling | 9,103 |
| Mar, 2026 | CVE-2026-32647 | NGINX ngx_http_mp4_module vulnerability | 3,092,114 |
| Dec, 2025 | CVE-2025-14177 | Information Leak of Memory in getimagesize | 1,103,198 |
| Sep, 2025 | CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | 93,783 |
| Sep, 2025 | CVE-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling | 50,924 |
| Aug, 2025 | CVE-2025-53859 | NGINX ngx_mail_smtp_module vulnerability | 3,002,155 |
| Mar, 2025 | CVE-2025-30347 | Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an o... | 54,224 |
| Dec, 2024 | CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | 2,426 |
| Nov, 2024 | CVE-2024-49527 | Animate | Out-of-bounds Read (CWE-125) | 162 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-125| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Mar, 2026 | CVE-2026-32647 | NGINX ngx_http_mp4_module vulnerability | 3,092,114 |
| Aug, 2025 | CVE-2025-53859 | NGINX ngx_mail_smtp_module vulnerability | 3,002,155 |
| Oct, 2023 | CVE-2023-31122 | Apache HTTP Server: mod_macro buffer over-read | 1,428,964 |
| Jun, 2022 | CVE-2022-28330 | read beyond bounds in mod_isapi | 1,334,135 |
| Dec, 2025 | CVE-2025-14177 | Information Leak of Memory in getimagesize | 1,103,198 |
| Apr, 2020 | CVE-2020-7064 | Use-of-uninitialized-value in exif | 296,595 |
| Feb, 2020 | CVE-2020-7059 | OOB read in php_strip_tags_ex | 285,127 |
| Feb, 2020 | CVE-2020-7060 | global buffer-overflow in mbfl_filt_conv_big5_wchar | 285,127 |
| Dec, 2019 | CVE-2019-11046 | Buffer underflow in bc_shift_addsub | 279,258 |
| Dec, 2019 | CVE-2019-11047 | Heap-buffer-overflow READ in exif | 279,258 |
Websites affected by CWE-125
Top websites that are affected by CWE-125. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.***********.com | United States | ** | |
| **********.***********.com | United States | ** | |
| *****.com | United States | ** | |
| *******.com |  Singapore | *** | |
| ************.org | Singapore | *** | |
| ****************.com | United States | *** | |
| *.me | British Virgin Islands | *** | |
| *****.org | United States | *** | |
| ******.com | British Virgin Islands | *** | |
| ****.*********.com | British Virgin Islands | *** |