Lucene search
K

95041 matches found

NVD
NVD
added yesterday5 views

CVE-2026-55780

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

7.5CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-55780

NanaZip (7‑Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...

2.4CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42866

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS0.00139EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42834

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-42714

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS5.9AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-42715

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service DoS.When sFlow is configured in a Virtual Chassis VC scenario...

7.1CVSS6.1AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42712

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00131EPSS
Exploits0
CVE
CVE
added 2 days ago11 views

CVE-2026-59857

Vim (up to version 9.2.0724) is affected by an out-of-bounds write in spell_soundfold_sal() in src/spell.c. The single-byte branch translates words via a SAL sound-folding rule into a caller-owned buffer, but reslen

5.6CVSS6AI score0.00131EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2 days ago8 views

CVE-2026-57023

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-57025

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service DoS. On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific...

6.8CVSS0.00141EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-33800

An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for...

7.1CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-31267

Mercusys MW302R MW302REUV11.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a...

5.7CVSS0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57032 Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS0.00411EPSS
Exploits0References1
Rows per page
Query Builder