CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21064 matches found

SUSE CVE•added 2026/05/16 1:11 a.m.•6 views

SUSE CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

2.5CVSS5.8AI score0.00131EPSS

Exploits1References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•4 views

SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1845-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1845-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...

9.8CVSS5.8AI score0.00348EPSS

Exploits0References4

RedhatCVE•added 2026/05/15 6:28 p.m.•7 views

CVE-2026-44638

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An incorrect NULL check after a memory allocation call in the sixeldecoderaw and sixeldecode functions can lead to a NULL pointer dereference. This occurs when memory allocation fails, causing the process to crash and resulting...

2.5CVSS5.8AI score0.00131EPSS

Exploits1References2

RustSec•added 2026/05/15 12:0 p.m.•10 views

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

7.5CVSS6.2AI score0.0046EPSS

Exploits0Affected Software1

OSV•added 2026/05/15 8:50 a.m.•2 views

BIT-NGINX-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS6AI score0.00932EPSS

Exploits0References2

OSV•added 2026/05/15 8:42 a.m.•3 views

BIT-GRAFANA-2026-28383 Grafana plugin resources can lead to unbounded memory allocation

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS

Exploits0References2

OSV•added 2026/05/15 8:42 a.m.•5 views

BIT-GRAFANA-2026-28376 Grafana Live push endpoint allows unbounded memory allocation leading to OOM

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS

Exploits0References2

SUSE CVE•added 2026/05/15 1:58 a.m.•11 views

SUSE CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00413EPSS

Exploits1References3

SUSE CVE•added 2026/05/15 1:58 a.m.•9 views

SUSE CVE-2026-44216

Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is...

7.5CVSS6AI score0.00243EPSS

Exploits0References3

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw a...

2.5CVSS5.8AI score0.00131EPSS

Exploits1References3

OSV•added 2026/05/14 8:23 p.m.•5 views

GHSA-77VG-94RM-HX3P Svelte devalue: DoS via sparse array deserialization

devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption...

7.5CVSS5.8AI score0.00346EPSS

Exploits0References5

OSV•added 2026/05/14 8:17 p.m.•4 views

DEBIAN-CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS6.3AI score0.00104EPSS

Exploits0References1

OSV•added 2026/05/14 8:17 p.m.•6 views

DEBIAN-CVE-2026-44638

2.5CVSS5.8AI score0.00131EPSS

Exploits1References1