Lucene search
K

2238 matches found

Debian CVE
Debian CVE
added 2026/05/19 8:7 p.m.7 views

CVE-2026-32882

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay in libheif/pixelimage.cc. When compositing an overlay image iovl whose child image has a different bit depth for the alpha channel than for the color...

7.1CVSS5.8AI score0.00323EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/19 7:54 p.m.5 views

com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: SNYK:JAVA-COMSQUAREUPWIRE-16771313...

5.4AI score0.00055EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/19 3:49 p.m.9 views

NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect

NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...

5.8AI score0.00164EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/19 12:31 p.m.6 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-37979 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

6.5CVSS5.4AI score0.00366EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-42007

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap buffer over-read exists in the HeifPixelImage::overlay function within libheif/pixelimage.cc. This occurs when compositing an overlay image where the child image uses a different bit depth fo...

7.1CVSS5.9AI score0.00323EPSS
Exploits1References80
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.4 views

@antv/f2-site (=5.0.0-alpha.1) potentially affected by unknown CVE via @antv/f2-react (=5.14.0)

@antv/f2-react NPM version =5.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f2-react and may be impacted: - @antv/f2-site =5.0.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVF2REACT-16754807...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 4:37 p.m.6 views

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +29 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)

@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =0.3.0, =0.3.0, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.120.20 and more Source cves: unknown CVE Source advisory:...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/12 6:1 p.m.7 views

CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

5.9CVSS5.9AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 6:1 p.m.18 views

CVE-2026-42348

OpenTelemetry.OpAmp.Client (OpenTelemetry .NET) is affected before version 0.2.0-alpha.1. The HTTP transport reads HttpResponseMessage.Content into memory using ReadAsByteArrayAsync without a size cap, allowing an unbounded read of the entire response body. This can cause memory exhaustion in the...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 6:1 p.m.59 views

CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

5.9CVSS0.00311EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:9 p.m.18 views

EUVD-2026-29476

sealed-env: TOTP secret embedded in unseal token payload enterprise mode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:34 p.m.12 views

CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...

2.1CVSS5.8AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 1:34 p.m.32 views

CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...

2.1CVSS0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 1:31 p.m.31 views

CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

8.7CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 1:31 p.m.19 views

CVE-2026-43916

Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:20 p.m.6 views

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 1:20 p.m.60 views

CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS0.00326EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Intel AI Playground 代码问题漏洞

Intel AI Playground is an online platform operated by Intel Corporation in the United States. Previous versions of Intel AI Playground, including 3.0.0 alpha, had code vulnerabilities that stemmed from uncontrolled search paths, which could lead to privilege escalation...

5.4CVSS5.9AI score0.00089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40031

pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References3
Rows per page
Query Builder