Lucene search
K

3816 matches found

Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.9 views

CVE-2026-11069

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00209EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/04 1:56 p.m.15 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
CVE
CVE
added 2026/06/04 1:22 p.m.18 views

CVE-2019-25736

LabF nfsAxe 3.7 Ping Client is affected by a buffer overflow in the Host IP field that enables local code execution via a crafted input file containing shellcode and a overwritten return address, potentially running commands such as calc.exe. The CVSS metrics reported a high-severity, local-explo...

8.6CVSS6.4AI score0.00146EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 1:22 p.m.14 views

CVE-2019-25733

NetShareWatcher 1.5.8.0 contains a structured exception handler (SEH) buffer overflow in which a malicious input in the Restrictions custom filter field can overwrite SEH/NSEH pointers and cause code execution when Find is invoked. This is a local vulnerability with high impact (CVSSv3.1/8.4, CVS...

8.6CVSS6.6AI score0.00148EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/04 12:42 p.m.15 views

CVE-2026-47319

A flaw was found in rlottie, an open-source library for rendering Lottie animations. A remote attacker could exploit this vulnerability by providing a specially crafted input that leads to excessive memory allocation. This excessive allocation can cause resource exhaustion, resulting in a Denial ...

6.1CVSS5.8AI score0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 8:7 a.m.11 views

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS6.2AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46158

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS6.2AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 9:23 p.m.13 views

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

6.3CVSS5.7AI score0.00492EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/03 10:53 a.m.16 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2026/06/03 12:0 a.m.18 views

Important: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: denial of service via crafted XML input CVE-2026-45186 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the serialization algorithm in the PrefetchPageLinks function. An attacker can cause a denial of service by supplying specially crafted user input that is reflected and processed...

8.7CVSS5.9AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 6:28 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the deserialization process. An attacker can execute arbitrary code, tamper with data, or access sensitive information by providing specially crafted input to the deserialization mechanism. Details...

8.5CVSS6.1AI score0.0017EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 10:16 p.m.12 views

CVE-2018-25432

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6CVSS0.00162EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 9:0 p.m.19 views

CVE-2018-25432

Arm Whois 3.11 is affected by a local buffer overflow that allows code execution via exception handler hijacking. An input file crafted with a 672-byte offset can overwrite nSEH and SEH pointers, enabling arbitrary code execution when the structured exception handler is triggered. CVSS data prese...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 8:24 a.m.11 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the readanimations function of the Half-Life 1 MDL Loader component. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input files. Remediation There is no...

5.6CVSS6.3AI score0.00127EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/31 11:16 p.m.8 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the ImportEmbeddedTextures function of the TF File Handler component. An attacker can cause a denial of service by providing specially crafted input files that trigger a null pointer dereference during...

5.5CVSS5.5AI score0.00115EPSS
Exploits0References2
OSV
OSV
added 2026/05/31 8:16 p.m.9 views

DEBIAN-CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 7:43 p.m.15 views

EUVD-2026-33517

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

5.8AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/31 7:43 p.m.36 views

CVE-2026-8796 Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

0.00399EPSS
Exploits0References2
Rows per page
Query Builder