Lucene search
K

95396 matches found

Microsoft CVE
Microsoft CVE
added 4 days ago3 views

NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

...

7.5CVSS6.1AI score0.00593EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago2 views

NATS Server: Remote crash via integer overflow in Connz pagination

...

7.7CVSS6.1AI score0.0056EPSS
Exploits0
OSV
OSV
added 5 days ago2 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-55780

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

7.5CVSS0.00432EPSS
Exploits0References3
CVE
CVE
added 5 days ago8 views

CVE-2026-55780

NanaZip (7‑Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS0.0023EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-14461 Out-of-bound read in mtr

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS6.1AI score0.00303EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42866

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS6.1AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS0.00278EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42834

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

7.5CVSS6.1AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00421EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42712

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...

6.9CVSS5.9AI score0.00417EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42714

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS5.9AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42715

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service DoS.When sFlow is configured in a Virtual Chassis VC scenario...

7.1CVSS6.1AI score0.00269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago10 views

GStreamer < 1.28.5 Multiple Vulnerabilities

The version of GStreamer installed on the remote host is prior to 1.28.5. It is, therefore, affected by multiple vulnerabilities: - A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer...

7.1CVSS7.1AI score0.0031EPSS
Exploits0References4
Rows per page
Query Builder