
1272 matches found

Snyk
added 2026/02/24 1:50 a.m., 3 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in CastDoubleToInt calculations. An attacker can cause the application to crash or become unresponsive by supplying a malicious SVG file. Remediation A fix was pushed into the master branch but not yet published...

CVSS 8.7, AI score 5.6, EPSS 0.00594
Exploits: 0, References: 2

OSV
added 2026/02/24 1:50 a.m., 5 views

CVE-2026-25989 ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined size_t cast...

CVSS 7.5, AI score 5.6, EPSS 0.00594
Exploits: 0, References: 3

UbuntuCve
added 2026/02/24 12:0 a.m., 5 views

CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined size_t cast...

CVSS 7.5, AI score 5.9, EPSS 0.00594
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/22 11:31 p.m., 5 views

CVE-2026-2588

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bi...

AI score 5.6, EPSS 0.00346
Exploits: 0, References: 4

CVE
added 2026/02/22 11:31 p.m., 12 views

CVE-2026-2588

Crypt::NaCl::Sodium for Perl has an integer overflow in 32‑bit environments, affecting versions up to 2.001. The Sodium.xs code casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium, creating an overflow risk where 32‑bit size_t is 32‑bit but unsigned long long ...

CVSS 9.1, AI score 5.6, EPSS 0.00346
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2026/02/18 10:16 p.m., 7 views

CVE-2019-25351

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

CVSS 8.8, EPSS 0.00282
Exploits: 0, References: 3

CVE
added 2026/02/18 9:54 p.m., 11 views

CVE-2019-25351

CVE-2019-25351 affects Centova Cast 3.2.11. A vulnerability in the server.copyfile API endpoint allows authenticated attackers to retrieve arbitrary system files by supplying crafted parameters, enabling downloads such as /etc/passwd via curl or wget. Impact is high on confidentiality; no remedia...

CVSS 8.8, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 3

Cvelist
added 2026/02/18 9:54 p.m., 27 views

CVE-2019-25351 Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

CVSS 8.8, EPSS 0.00282
Exploits: 0, References: 3

Vulnrichment
added 2026/02/18 9:54 p.m., 4 views

CVE-2019-25351 Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

CVSS 8.8, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 3

CNNVD
added 2026/02/18 12:0 a.m., 7 views

Centova Cast Security Vulnerability

Centova Cast is an internet-based broadcast streaming media management control panel provided by the Canadian company Centova. Version 3.2.11 of Centova Cast contains a security vulnerability. This vulnerability allows authenticated attackers to retrieve arbitrary system files through the...

CVSS 8.8, AI score 5.9, EPSS 0.00282
Exploits: 0, References: 3

NVD
added 2026/02/16 3:18 p.m., 6 views

CVE-2026-2562

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. Th...

CVSS 8.8, EPSS 0.00317
Exploits: 0, References: 4

Vulnrichment
added 2026/02/16 3:2 p.m., 11 views

CVE-2026-2562 JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. Th...

CVSS 6.5, AI score 6.1, EPSS 0.00317
Exploits: 0, References: 4

CVE
added 2026/02/16 3:2 p.m., 16 views

CVE-2026-2562

JingDong JD Cloud Box AX6600 firmware up to 4.5.1.r4533 is affected by CVE-2026-2562 in the jdcweb_rpc/jdcapi path (cast_streen). The vulnerability arises from a manipulated File argument in /jdcapi, enabling remote privilege escalation. The attack is described as remote and publicly disclosed. T...

CVSS 8.8, AI score 5.2, EPSS 0.00317
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2026/02/12 11:16 p.m., 13 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVSS 7.5, EPSS 0.004
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/12 10:48 p.m., 7 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVSS 7.5, AI score 5.5, EPSS 0.004
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/02/12 10:48 p.m., 1 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVSS 7.5, AI score 5.5, EPSS 0.004
Exploits: 0, References: 3

Cvelist
added 2026/02/12 10:48 p.m., 27 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVSS 7.5, EPSS 0.004
Exploits: 0, References: 3

CVE
added 2026/02/12 10:48 p.m., 15 views

CVE-2019-25342

CVE-2019-25342 affects Centova Cast 3.2.12. The vulnerability is a denial-of-service in which repeatedly calling the database export API endpoint (via /api.php) with crafted parameters and multiple concurrent requests can drive the system to 100% CPU. Metrics indicate high impact to availability ...

CVSS 7.5, AI score 5.5, EPSS 0.004
Exploits: 0, References: 3

Positive Technologies
added 2026/02/12 12:0 a.m., 9 views

PT-2026-7941

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVSS 7.5, AI score 5.5, EPSS 0.004
Exploits: 0, References: 4

CNNVD
added 2026/02/12 12:0 a.m., 5 views

Centova Cast Security Vulnerability

Centova Cast is an internet-based broadcast streaming media management control panel developed by Centova Corporation in Canada. Version 3.2.12 of Centova Cast contains a security vulnerability. This vulnerability stems from the repeated invocation of the database export API endpoint, which could...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits: 0, References: 3