Lucene search
+L

1721 matches found

OSV
OSV
added 2026/04/27 6:33 p.m.14 views

JLSEC-2026-261 Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter...

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

4.7CVSS8AI score0.00152EPSS
Exploits1References9
Chainguard
Chainguard
added 2026/04/11 2:19 a.m.8 views

CVE-2026-39324 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, ruby3.3-rails, logstash...

9.8CVSS6.1AI score0.0027EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/06 1:18 a.m.10 views

CVE-2026-34831 vulnerabilities

Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...

6.5CVSS6.3AI score0.00147EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/06 1:18 a.m.10 views

GHSA-QV7J-4883-HWH7 vulnerabilities

Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/06 1:18 a.m.10 views

CVE-2026-26961 vulnerabilities

Vulnerabilities for packages: ruby4.0-rack, gitlab-rails-ce, gitlab-cng, ruby3.2-rack, ruby3.2-rails, ruby3.3-rack, ruby3.4-rails, pact-broker-docker-fips, pact-broker-docker, logstash, gitlab-rails-ce-fips, kube-fluentd-operator, ruby3.4-rack...

5.3CVSS5.5AI score0.00253EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/04 1:51 p.m.29 views

CVE-2018-25253 Termite 3.4 Denial of Service via Settings Buffer Overflow

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...

6.9CVSS0.0018EPSS
Exploits1References4
CVE
CVE
added 2026/04/04 1:51 p.m.13 views

CVE-2018-25253

Termite 3.4 contains a local denial-of-service vulnerability caused by a buffer overflow in the Settings -> User interface language settings field. A 2000-byte payload can crash the application, indicating a vulnerable input handling path in the UI language setting. The available sources descr...

6.9CVSS6.2AI score0.0018EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.8 views

PT-2026-30373

Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...

6.9CVSS6.2AI score0.0018EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.14 views

Compuphase Termite 缓冲区错误漏洞

Compuphase Termite is a serial terminal tool developed by the Dutch company Compuphase. Version 3.4 of Compuphase Termite contains a buffer overflow vulnerability. This vulnerability stems from an issue with the user interface language settings field, which may lead to local attackers causing the...

6.9CVSS6AI score0.0018EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.3 views

Python Library OpenEXR 3.4.x < 3.4.7 Heap Buffer Overflow (OOB Read)

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.7. It is, therefore, affected by a heap buffer overflow vulnerability: - A heap-buffer-overflow out-of-bounds read occurs in the the HTJ2K decoder in OpenEXR when copying decompressed samples from OpenJPH...

8.8CVSS6.2AI score0.00611EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2026/03/31 7:14 p.m.8 views

K000160557: OpenSSL vulnerability CVE-2025-69418

Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...

4CVSS5.8AI score0.00115EPSS
Exploits1
Chainguard
Chainguard
added 2026/03/30 1:17 p.m.9 views

CVE-2026-33658 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips, ruby3.4-rails...

6.5CVSS6.3AI score0.00434EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:36 p.m.4 views

CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: A TLS 1.3 connection that uses certificate compression can be forced to allocate a large buffer before decompression, without checking against the configured certificate size limit. Impact Summary: An attacker can cause per-connection memory allocations of up to approximately 22 Mi...

5.9CVSS6AI score0.00403EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/16 12:33 p.m.16 views

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

9.8CVSS5.5AI score0.79807EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-68160)

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out- of-bounds write can cause memory corruption which typically results in a crash, leading...

4.7CVSS5.7AI score0.00152EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005350)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005350 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer...

7.5CVSS6.2AI score0.00844EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.13 views

CVE-2025-15468

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

5.9CVSS5.8AI score0.00748EPSS
Exploits1
EUVD
EUVD
added 2026/01/27 3:59 p.m.7 views

EUVD-2025-206402

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

6.3AI score0.00515EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 9:3 a.m.15 views

Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)

Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...

9.8CVSS5.8AI score0.02962EPSS
Exploits4Affected Software1
Rows per page
Query Builder