5955 matches found
PT-2026-7615
Name of the Vulnerable Software and Affected Versions: libjxl (affected versions not specified). Description: A crafted file can lead to libjxl's decoder writing pixel data to uninitialized and unallocated memory. Subsequently, data from another uninitialized region is copied to pixel data. This occur...
PT-2026-24131
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-16; ImageMagick versions prior to 6.9.13-41. Description: ImageMagick is software used for editing and manipulating digital images. A heap over-read issue exists in the MAT decoder due to incorrect...
PT-2026-24123
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-16. Description: ImageMagick is software used for editing and manipulating digital images. A flaw exists in the SIXEL decoder that allows an attacker to cause an out-of-bounds write through a specially crafted...
PT-2026-25337
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.24.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A division by zero error exists in the MS-ADPCM and IMA-ADPCM decoders when the nBlockAlign variable is 0, resulting in a crash. The...
PT-2026-5330
Name of the Vulnerable Software and Affected Versions: alsa-lib versions 1.2.2 through 1.2.15.2. Description: alsa-lib contains a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses ...
PT-2026-24126
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-16; ImageMagick versions prior to 6.9.13-41. Description: ImageMagick is software for editing and manipulating digital images. A heap use-after-free issue exists in ImageMagick’s MSL decoder. By crafting a...
PT-2026-24130
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-16; ImageMagick versions prior to 6.9.13-41. Description: ImageMagick is software used for editing and manipulating digital images. A flaw exists in the JBIG decoder due to a missing check, leading to an...
CBORDecoder reuse can leak shareable values across decode calls
Summary: When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded...
EUVD-2025-205866
CBORDecoder reuse can leak shareable values across decode calls...
GHSA-WCJ4-JW5J-44WH CBORDecoder reuse can leak shareable values across decode calls
Summary: When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded...
CVE-2023-54284
In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder(). The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: cbor2 is a CBOR deserializer with extensive tag support. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the CBORDecoder instance. An attacker can access data from previously decoded messages with a message that...
CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory an...
PYSEC-2025-90
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory an...
AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory an...
UBUNTU-CVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory an...
CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory an...