Lucene search
K

2232 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007190)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007190 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode pa...

9.8CVSS6.1AI score0.00434EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007189)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007189 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP clients...

9.8CVSS6.1AI score0.00434EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/15 10:57 a.m.6 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/15 10:48 a.m.7 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.5 views

SUSE SLES12 Security Update : libpng16 (SUSE-SU-2026:1311-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1311-1 advisory. This update for libpng16 fixes the following issue: - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to...

7.5CVSS6.2AI score0.01052EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/14 11:13 p.m.10 views

Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck

Summary The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at...

7.8CVSS6.1AI score0.00144EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/14 10:16 p.m.7 views

CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS0.00191EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 9:57 p.m.13 views

CVE-2026-33021

CVE-2026-33021 (libsixel) is a use-after-free in sixel_encoder_encode_bytes() affecting libsixel 1.8.7 and earlier. The bug arises because sixel_frame_init() stores a caller-owned pixel buffer pointer directly in frame->pixels without copying. On a subsequent resize, sixel_frame_convert_to_rgb...

7.3CVSS6AI score0.00247EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/14 9:45 p.m.17 views

CVE-2026-33018

libsixel 1.8.7 and prior contain a heap use‑after‑free in load_gif() (fromgif.c): a single sixel_frame_t is reused across all frames of an animated GIF and gif_init_frame() frees/reallocates frame->pixels between frames regardless of reference counts. A callback using sixel_frame_get_pixels() ...

7CVSS5.8AI score0.00191EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Fortinet FortiWeb 缓冲区错误漏洞

Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. Fortinet...

7.2CVSS7.6AI score0.06438EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

libsixel 资源管理错误漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7 and earlier contained a resource management vulnerability. This vulnerability stemmed from a problem in the...

7.3CVSS5.9AI score0.00247EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/13 10:40 a.m.6 views

CVE-2026-32146

A flaw was found in the Gleam compiler. A malicious direct or transitive git dependency can exploit an improper path validation vulnerability in the Gleam compiler's handling of git dependencies during dependency download. This allows for arbitrary file system modification, including the deletion...

8.6CVSS6AI score0.00239EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/04/13 10:37 a.m.4 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/13 10:16 a.m.7 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

9.8CVSS7.3AI score0.00424EPSS
Exploits0References6
OSV
OSV
added 2026/04/11 2:5 p.m.4 views

OESA-2026-1878 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6AI score0.0035EPSS
Exploits0References4
OSV
OSV
added 2026/04/11 2:5 p.m.6 views

OESA-2026-1877 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/11 12:59 p.m.30 views

CVE-2026-32146 Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

8.3CVSS0.00239EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/04/11 12:59 p.m.7 views

CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

8.3CVSS6AI score0.00239EPSS
Exploits1References6
CVE
CVE
added 2026/04/11 12:59 p.m.14 views

CVE-2026-32146

CVE-2026-32146 is an improper path validation flaw in the Gleam compiler’s handling of git dependencies during dependency download. Attacker-controlled paths (via relative traversal like ../ or absolute paths) can target filesystem locations outside the intended dependency directory, enabling del...

8.6CVSS5.9AI score0.00239EPSS
Exploits1References8Affected Software1
Snyk
Snyk
added 2026/04/10 10:11 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8CVSS6.3AI score
Exploits0References2
Rows per page
Query Builder