Lucene search
K

293 matches found

RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.5 views

CVE-2026-27691

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

6.2CVSS5.4AI score0.0016EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/25 2:40 p.m.4 views

EUVD-2026-8641

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer while parsing ICC profile XML text description tags,...

7.1CVSS5.5AI score0.00164EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/25 2:36 p.m.4 views

EUVD-2026-8640

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

6.2CVSS5.4AI score0.0016EPSS
Exploits1References4
OSV
OSV
added 2026/02/25 2:36 p.m.7 views

CVE-2026-27691 iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

6.2CVSS5.5AI score0.0016EPSS
Exploits1References6
CVE
CVE
added 2026/02/25 2:36 p.m.18 views

CVE-2026-27691

CVE-2026-27691 affects iccDEV up to version 2.3.1.4. The root cause is a signed integer overflow in iccFromCube.cpp during multiplication, causing undefined behavior that can lead to crashes or generation of incorrect ICC profiles when processing crafted or large cube inputs. The issue has been f...

6.2CVSS5.4AI score0.0016EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/25 12:27 a.m.6 views

EUVD-2026-8576

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

7.1CVSS6AI score0.00571EPSS
Exploits1References2
CVE
CVE
added 2026/02/10 6:58 p.m.17 views

CVE-2026-26009

CVE-2026-26009 affects the Catalyst platform used for enterprise game server hosting, game communities, and billing panel integrations. The issue arises because install scripts defined in server templates run on the host OS via bash -c without sandboxing or containerization. Any user with templat...

9.9CVSS6.8AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/10 6:58 p.m.26 views

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

9.9CVSS0.00483EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:58 p.m.3 views

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

9.9CVSS6.8AI score0.00483EPSS
Exploits0References3
CVE
CVE
added 2026/02/02 10:54 p.m.11 views

CVE-2026-25144

CVE-2026-25144 affects Talishar’s in-game chat system. A Stored XSS vulnerability exists where the playerID parameter in SubmitChat.php is saved without sanitization and may be executed when a user views the current game page. The issue is publicly documented across multiple sources (NVD/Red Hat/...

5.3CVSS5.3AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.7 views

PT-2026-5441

Name of the Vulnerable Software and Affected Versions Cybersecurity AI CAI versions up to and including 0.5.10 Description The Cybersecurity AI CAI framework contains multiple argument injection vulnerabilities within its function tools. User-controlled input is directly passed to shell commands...

9.6CVSS6.2AI score0.008EPSS
Exploits3References17
ATTACKERKB
ATTACKERKB
added 2026/01/23 11:50 p.m.6 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 1:15 a.m.8 views

AZL-75360 CVE-2026-23893 affecting package opencryptoki 3.17.0-1

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS6AI score0.00162EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/22 1:15 a.m.5 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:1 a.m.7 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.7AI score0.00162EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/21 10:52 p.m.6 views

GHSA-RJR4-V43M-PXQ6 Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

6.3CVSS5.7AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/20 3:28 p.m.13 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/19 11:25 p.m.4 views

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

8.7CVSS5.5AI score0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/01/19 9:15 p.m.7 views

CVE-2026-23880

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

7.3CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/01/19 4:15 p.m.6 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS0.00332EPSS
Exploits0References2
Rows per page
Query Builder