7230 matches found
CVE-2026-53441
A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting XSS issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...
CVE-2026-48294
CVE-2026-48294 concerns Adobe Acrobat PDF Extension (Chrome)
CVE-2026-0155
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.
A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the analyzestring function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data...
CVE-2026-1765
CVE-2026-1765 concerns GNOME localsearch’s tracker-miners: the tracker-extract-mp3 component is vulnerable to a heap buffer overflow when processing crafted MP3 files, potentially causing Denial of Service (crash) and, in some cases, information disclosure from memory. The issue is confirmed acro...
PT-2026-49876
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence...
EUVD-2026-36770
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...
CVE-2026-53703
A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...
CVE-2026-49875
A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...
CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
ROS-20260615-73-0032
The vulnerability of the RDP client FreeRDP relates to reading beyond the memory boundaries. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...
ROS-20260615-73-0039
The vulnerability of the RDP client FreeRDP relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected information...
CVE-2026-50872
The CVE-2026-50872 entry affects fossar selfoss v2.20-SNAPSHOT, with a vulnerability in the loopback request handling component that could allow arbitrary command execution and leakage of sensitive data via a crafted HTTP request. The issue is described across multiple sources (NVD/ENISA/CVE list...
PT-2026-49335
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description An out-of-bounds read occurs in the VA JPEG decoder within the gst-plugins-bad module. The JPEG parser reads a segment length value from the bitstream without validating it...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages relates to operations that occur outside of the buffer in memory, allowing attackers to disclose protected information.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by these applications...
[SECURITY] [DSA 6344-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6344-1 [email protected] https://www.debian.org/security/ Andres Salomon June 13, 2026 https://www.debian.org/security/faq -...
Debian dsa-6344 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6344 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6344-1 [email protected]...
CVE-2026-45085 Discourse: Chat misauthorization and information disclosure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...
CVE-2026-45085 Discourse: Chat misauthorization and information disclosure
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...