Lucene search
+L

238 matches found

NVD
NVD
added yesterday7 views

CVE-2026-49208

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a LiveProp is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value, allowing client-supplied...

6.9CVSS
Exploits0References4
Fedora
Fedora
added 2026/07/10 1:6 a.m.10 views

[SECURITY] Fedora 43 Update: python-pendulum-3.2.0-1.fc43

Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class it inherits from it, so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is...

5.9AI score
Exploits0
Circl
Circl
added 2026/07/08 7:3 p.m.8 views

CVE-2026-0282

creationtimestamp| type| source ---|---|--- 2026-07-08 19:03:50+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mq5spheeb723 2026-07-09 04:46:18+00:00| seen| https://www.hkcert.org/security-bulletin/palo-alto-products-multiple-vulnerabilities20260709 2026-07-09 21:04:25+00:00| seen...

6.9CVSS6.6AI score0.00288EPSS
Exploits0References4
Circl
Circl
added 2026/07/01 10:26 p.m.8 views

CVE-2026-53340

creationtimestamp| type| source ---|---|--- 2026-07-01 22:26:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmkrk2x5l2r...

5.8AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 1:19 p.m.18 views

CVE-2026-58011

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

7.5CVSS0.00344EPSS
Exploits1References4
OSV
OSV
added 2026/06/30 1:19 p.m.5 views

UBUNTU-CVE-2026-58011

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

7.5CVSS5.7AI score0.00344EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/30 12:57 p.m.7 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

6.5CVSS5.7AI score0.00344EPSS
Exploits1References3
CVE
CVE
added 2026/06/30 12:57 p.m.28 views

CVE-2026-58011

CVE-2026-58011 (GLib) : A flaw in GLib’s g_date_time_get_ymd (glib/gdatetime.c) allows an out-of-bounds read of 2 bytes when an invalid GDateTime object from g_date_time_add_full is processed. This can corrupt date output and potentially cause logic errors leading to a denial of service. Exploita...

7.5CVSS5.7AI score0.00344EPSS
Exploits1References4Affected Software2
AlpineLinux
AlpineLinux
added 2026/06/30 12:57 p.m.9 views

CVE-2026-58011

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

7.5CVSS5.7AI score0.00344EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/30 12:57 p.m.51 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

6.5CVSS0.00344EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 12:57 p.m.3 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

6.5CVSS5.9AI score0.00344EPSS
Exploits1References8
OSV
OSV
added 2026/06/19 7:23 p.m.8 views

GHSA-89G7-22C8-3J23 ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor

Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...

6.9CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51049

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.8.0 through 2.35.0 Symfony UX versions 3.0.0 through 3.0.x Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, the function hydrateObjectValue in...

6.9CVSS5.4AI score
Exploits0References7
Circl
Circl
added 2026/06/18 8:15 a.m.24 views

CVE-2026-10736

creationtimestamp| type| source ---|---|--- 2026-06-18 08:15:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mokf5nzsdj2z 2026-06-19 02:33:25+00:00| seen| https://bsky.app/profile/pmloik.bsky.social/post/3momciyt73y2g...

4.9CVSS5.8AI score0.00363EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS5.6AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.6AI score0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.14 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/02 11:27 p.m.47 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:32 p.m.13 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/12 9:20 p.m.6 views

CVE-2026-44241 Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, 3.10.6, and 3.8.14, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the...

7.5CVSS6.2AI score0.0055EPSS
Exploits0References9
Rows per page
Query Builder