threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Out-of-bounds Write
Weakness
Out-of-bounds Write
CWE-787 · Base · Draft
The product writes data past the end, or before the beginning, of the intended buffer.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-119 · Improper Restriction of Operations within the Bounds of a Memory Buffer
Children (more specific)
ParentOf
CWE-120 · Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ParentOf
CWE-121 · Stack-based Buffer Overflow
ParentOf
CWE-122 · Heap-based Buffer Overflow
ParentOf
CWE-123 · Write-what-where Condition
ParentOf
CWE-124 · Buffer Underwrite ('Buffer Underflow')
⚠
CVEs With This Weakness
16,359
A sample of the 16,359 CVEs tagged with this weakness.
CVE
CVE-2026-8669
CVE
CVE-2026-8569
CVE
CVE-2026-8558
CVE
CVE-2026-8548
CVE
CVE-2026-8526
CVE
CVE-2026-8524
CVE
CVE-2026-8507
CVE
CVE-2026-8454
CVE
CVE-2026-8263
CVE
CVE-2026-8092
CVE
CVE-2026-8053
CVE
CVE-2026-7957
◉
Nuclei Scanner Templates
7
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
critical
Cisco Smart Install - Configuration Download
critical
Ivanti Connect Secure - Stack-based Buffer Overflow
critical
Tenda Router AC11 - Remote Command Injection
critical
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
critical
VMware vCenter Server - Out-of-Bounds Write
critical
VMware ESXi SLP - Heap Overflow DoS
high
H3C Magic R300-2100M - Remote Code Execution
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin