Lucene search
+L

5015 matches found

NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 6:3 p.m.39 views

CVE-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS0.00579EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:40 p.m.7 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 3:40 p.m.3 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS6AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 3:40 p.m.9 views

EUVD-2026-39790

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 3:40 p.m.42 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS0.00113EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

RHEL 9 : webkit2gtk3 (RHSA-2026:28147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28147 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

8.8CVSS6.8AI score0.00693EPSS
Exploits0References34
EUVD
EUVD
added 2026/06/25 9:52 p.m.10 views

EUVD-2026-36184

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:52 p.m.2 views

GHSA-8PJ9-6897-74XC ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 7:16 p.m.13 views

CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

7.1CVSS0.00119EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-54092

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS0.00484EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:14 p.m.6 views

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/25 6:13 p.m.9 views

EUVD-2026-39530

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

4.8CVSS5.9AI score0.00119EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:8 p.m.10 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

8.8CVSS6AI score0.00411EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 6:6 p.m.19 views

CVE-2026-56770

Libais 0.15 is affected by an out-of-bounds vector access in VdmStream::AddLine caused by an unchecked sentinel value used as a vector index when handling AIS sentences with empty or out-of-range sequential IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM senten...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 4:16 p.m.19 views

CVE-2026-57455

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...

7.8CVSS0.0012EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:49 p.m.9 views

EUVD-2026-39411

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:49 p.m.22 views

CVE-2026-6432

The CVE-2026-6432 entry concerns EmberZNet SDK versions 9.0.2 and earlier, with a root cause of improper bounds validation. This can lead to crashes or dynamic memory leakage. The available documents do not specify additional details such as affected products beyond EmberZNet SDK, release version...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:49 p.m.5 views

CVE-2026-6432

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 1:49 p.m.4 views

CVE-2026-6432 Improper bounds validation in EmberZNet SDK

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS5.9AI score0.00308EPSS
Exploits0References5
Rows per page
Query Builder