3251 matches found

CVE
added 2026/04/23 9:57 p.m. | 11 views

CVE-2026-41334

OpenClaw before 2026.3.31 is affected by a decompression bomb DoS in image processing. The vulnerability stems from failing to properly enforce pixel-limit guards on sips, allowing attackers to upload oversized images that exhaust memory and cause denial of service. The CVSS metrics indicate netw...

CVSS 7.1 | AI score 5.8 | EPSS 0.00315
Exploits 0 | References 3 | Affected software 1

OSV
added 2026/04/23 4:25 p.m. | 6 views

CLSA-2026-1776961553 bzip2: Fix of 2 CVEs

- CVE-2019-12900: fix out-of-bounds write in BZ2_decompress when many selectors are present
- CVE-2016-3189: fix use-after-free in bzip2recover...

CVSS 9.8 | AI score 6.8 | EPSS 0.15685
Exploits 0 | References 1

Positive Technologies
added 2026/04/23 12:00 a.m. | 6 views

PT-2026-34765

OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption...

CVSS 7.1 | AI score 5.8 | EPSS 0.00315
Exploits 0 | References 5

CNNVD
added 2026/04/23 12:00 a.m. | 5 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contain a security vulnerability. It stems from a decompression bomb in image processing, which fails to properly enforce pixel-limit...

CVSS 7.1 | AI score 5.9 | EPSS 0.00315
Exploits 0 | References 1
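The three OpenClaw entries above (CVE-2026-41334, PT-2026-34765 and the CNNVD record) all describe the same missing control: a pixel-limit guard that is consulted before an image is handed to the decoder. The Go program below is an added example, not OpenClaw's or sips' own code; it shows the guard in general form, reading only the image header with image.DecodeConfig so that width*height can be checked before any pixel buffer is allocated. The limit MaxPixels, the function names, and the two sample inputs (a real 2x2 PNG and a 33-byte PNG header that claims 100,000 x 100,000 pixels) are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	"image/color"
	"image/png"
)

// MaxPixels is a hypothetical policy limit (16 megapixels), not a value taken
// from any advisory on this page.
const MaxPixels int64 = 16_000_000

var ErrTooManyPixels = errors.New("image exceeds pixel limit")

// CheckPixelLimit reads only the image header: image.DecodeConfig returns the
// declared dimensions without allocating a pixel buffer. The product is computed
// in int64 so a crafted header cannot wrap the comparison on 32-bit builds.
func CheckPixelLimit(data []byte, limit int64) (image.Config, error) {
	cfg, _, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return cfg, err
	}
	if int64(cfg.Width)*int64(cfg.Height) > limit {
		return cfg, fmt.Errorf("%w: header declares %dx%d", ErrTooManyPixels, cfg.Width, cfg.Height)
	}
	return cfg, nil
}

// DecodeGuarded runs the header check first and only then performs the full
// decode, which is where the memory for width*height pixels would be allocated.
func DecodeGuarded(data []byte, limit int64) (image.Image, error) {
	if _, err := CheckPixelLimit(data, limit); err != nil {
		return nil, err
	}
	img, _, err := image.Decode(bytes.NewReader(data))
	return img, err
}

// SmallPNG is a constructed, valid 2x2 PNG used as the benign input.
func SmallPNG() []byte {
	img := image.NewRGBA(image.Rect(0, 0, 2, 2))
	img.Set(0, 0, color.RGBA{R: 255, A: 255})
	var buf bytes.Buffer
	if err := png.Encode(&buf, img); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// BombPNGHeader is a constructed input: a PNG signature plus a single IHDR chunk
// declaring width x height 8-bit RGB pixels, with no pixel data at all. It is 33
// bytes on the wire; a decoder that sizes its buffer from the header alone would
// reserve width*height*4 bytes before discovering the stream is truncated.
func BombPNGHeader(width, height uint32) []byte {
	ihdr := make([]byte, 13)
	binary.BigEndian.PutUint32(ihdr[0:4], width)
	binary.BigEndian.PutUint32(ihdr[4:8], height)
	ihdr[8] = 8 // bit depth
	ihdr[9] = 2 // colour type: truecolour; compression, filter, interlace stay 0
	chunk := append([]byte("IHDR"), ihdr...)
	var buf bytes.Buffer
	buf.Write([]byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'})
	binary.Write(&buf, binary.BigEndian, uint32(len(ihdr)))
	buf.Write(chunk)
	binary.Write(&buf, binary.BigEndian, crc32.ChecksumIEEE(chunk)) // CRC covers type + data
	return buf.Bytes()
}

func main() {
	for name, data := range map[string][]byte{
		"small.png": SmallPNG(),
		"bomb.png":  BombPNGHeader(100_000, 100_000), // claims 10 gigapixels
	} {
		cfg, err := CheckPixelLimit(data, MaxPixels)
		fmt.Printf("%s: %d bytes, header %dx%d, guard: %v\n", name, len(data), cfg.Width, cfg.Height, err)
	}
}
```

DecodeConfig is the key call: for a truecolour PNG it parses just the IHDR and returns, so the oversized claim is seen in a few dozen bytes of input. The same pattern applies to any format whose decoder exposes a header-only call; the multiplication must be done in 64-bit arithmetic, and the limit should come from what the service actually needs, not from what the host can survive.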

OSV
added 2026/04/22 9:48 p.m. | 2 views

SUSE-SU-2026:21382-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue:
- CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184)...

CVSS 8.7 | AI score 5.3 | EPSS 0.00485
Exploits 0 | References 3

OSV
added 2026/04/22 9:45 p.m. | 5 views

OPENSUSE-SU-2026:20617-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue:
- CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks (bsc#1262184)...

CVSS 8.7 | AI score 5.3 | EPSS 0.00485
Exploits 0 | References 2

OSV
added 2026/04/21 6:24 p.m. | 3 views

GHSA-R65V-XGWC-G56J OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary: ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...

CVSS 3.1 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 6

GitHub Security Blog
added 2026/04/21 6:24 p.m. | 8 views

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary: ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...

CVSS 6.5 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 6 | Affected software 1

EUVD
added 2026/04/21 6:24 p.m. | 4 views

EUVD-2026-24031

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction DoS...

CVSS 3.1 | AI score 5.7 | EPSS 0.00218
Exploits 1 | References 5

RedhatCVE
added 2026/04/21 12:50 p.m. | 3 views

CVE-2026-39396

A flaw was found in OpenBao. An attacker who controls or compromises the Open Container Initiative (OCI) registry can exploit a vulnerability in OpenBao's OCI plugin downloader. By serving a specially crafted container image, the attacker can cause the system to decompress an arbitrarily large file...

CVSS 6.5 | AI score 5.7 | EPSS 0.00218
Exploits 1 | References 2

SUSE CVE
added 2026/04/21 12:16 p.m. | 2 views

SUSE CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 3

IBM Security Bulletins
added 2026/04/21 12:01 p.m. | 4 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371). IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-29371. DESCRIPTION: In...

CVSS 7.5 | AI score 5.6 | EPSS 0.00244
Exploits 1 | Affected software 1

OSV
added 2026/04/21 2:16 a.m. | 6 views

DEBIAN-CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K (High-Throughput JPEG 2000) decompression path. The htundoimp...

CVSS 5.3 | AI score 5.5 | EPSS 0.00302
Exploits 1 | References 1

ATTACKERKB
added 2026/04/21 1:27 a.m. | 5 views

CVE-2026-39886

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K (High-Throughput JPEG 2000) decompression path. The htundoimp...

CVSS 8.6 | AI score 5.8 | EPSS 0.00463
Exploits 3 | References 3 | Affected software 1

NVD
added 2026/04/21 1:16 a.m. | 7 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 6.5 | EPSS 0.00218
Exploits 1 | References 1

Cvelist
added 2026/04/21 12:44 a.m. | 26 views

CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 3.1 | EPSS 0.00218
Exploits 1 | References 1

Vulnrichment
added 2026/04/21 12:44 a.m. | 3 views

CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 3.1 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 1

CVE
added 2026/04/21 12:44 a.m. | 15 views

CVE-2026-39396

OpenBao is vulnerable to a DoS via a decompression bomb in its OCI plugin extraction. Before version 2.5.3, ExtractPluginFromImage() streams decompressed tar data with no upper bound, using io.Copy without size checks. If an attacker controls the OCI registry, they can serve a crafted image that ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 1 | Affected software 1

ATTACKERKB
added 2026/04/21 12:44 a.m. | 2 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 3.1 | AI score 5.8 | EPSS 0.00218
Exploits 1 | References 2 | Affected software 1

AlpineLinux
added 2026/04/21 12:44 a.m. | 1 view

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00218
Exploits 1
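All of the OpenBao entries above (CVE-2026-39396 / GHSA-R65V-XGWC-G56J) describe one pattern, and the python-Pillow FITS entries (CVE-2026-40192) are the same class of bug in a different decoder: compressed input is expanded with no bound on the output. The Go program below is an added example, not OpenBao's code or its fix. It builds a small gzip-compressed tar layer in memory (constructed sample data, not a real image), extracts its entry with a plain io.Copy to show the unbounded behaviour, then with a bounded copy that rejects anything over a caller-chosen limit. BuildLayer, ExtractUnbounded, ExtractBounded, copyBounded and the entry name are assumptions made for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("decompressed data exceeds limit") // output would exceed the caller's bound

// BuildLayer builds a gzip-compressed tar layer in memory holding one file.
// Callers pass either a highly compressible body (the bomb) or a small fake
// plugin; both are constructed sample data, not real image layers.
func BuildLayer(name string, body []byte) ([]byte, error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	if err := tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))}); err != nil {
		return nil, err
	}
	if _, err := tw.Write(body); err != nil {
		return nil, err
	}
	if err := errors.Join(tw.Close(), gz.Close()); err != nil { // tar trailer, then gzip trailer
		return nil, err
	}
	return buf.Bytes(), nil
}

// openEntry gunzips the layer and advances a tar reader to the named entry.
func openEntry(layer []byte, name string) (*tar.Header, *tar.Reader, error) {
	gz, err := gzip.NewReader(bytes.NewReader(layer))
	if err != nil {
		return nil, nil, err
	}
	tr := tar.NewReader(gz)
	for {
		hdr, err := tr.Next()
		if err != nil {
			return nil, nil, err // io.EOF when the entry is absent
		}
		if hdr.Name == name {
			return hdr, tr, nil
		}
	}
}

// ExtractUnbounded is the pattern the advisories describe: io.Copy with nothing
// capping the bytes written, so output is whatever the stream expands to.
func ExtractUnbounded(layer []byte, name string) ([]byte, error) {
	_, tr, err := openEntry(layer, name)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	_, err = io.Copy(&out, tr) // unbounded
	return out.Bytes(), err
}

// copyBounded writes at most limit bytes from src to dst and returns ErrTooLarge
// if src holds more. It bounds bytes actually produced rather than trusting a
// declared size, since every size field in the stream is attacker data too.
func copyBounded(dst io.Writer, src io.Reader, limit int64) (int64, error) {
	n, err := io.Copy(dst, io.LimitReader(src, limit))
	if err != nil || n < limit {
		return n, err
	}
	var probe [1]byte // exactly limit bytes so far; one more means over the limit
	if _, err = io.ReadFull(src, probe[:]); err == nil {
		return n, ErrTooLarge
	} else if err == io.EOF || err == io.ErrUnexpectedEOF {
		return n, nil
	}
	return n, err
}

// ExtractBounded is the hardened form: cheap rejection on the declared size,
// then a copy that is bounded regardless of what the header claimed.
func ExtractBounded(layer []byte, name string, limit int64) ([]byte, error) {
	hdr, tr, err := openEntry(layer, name)
	if err != nil {
		return nil, err
	}
	if hdr.Size > limit {
		return nil, fmt.Errorf("%w: header declares %d bytes, limit %d", ErrTooLarge, hdr.Size, limit)
	}
	var out bytes.Buffer
	_, err = copyBounded(&out, tr, limit)
	return out.Bytes(), err
}

func main() {
	bomb, _ := BuildLayer("plugin", make([]byte, 8<<20)) // 8 MiB of zeros, a few KiB compressed
	data, _ := ExtractUnbounded(bomb, "plugin")
	_, err := ExtractBounded(bomb, "plugin", 1<<20)
	fmt.Printf("%d compressed bytes -> unbounded wrote %d bytes; bounded (1 MiB): %v\n", len(bomb), len(data), err)
}
```

Running it prints the compressed size of the layer (a few KiB), the 8 MiB the unbounded copy wrote without complaint, and the ErrTooLarge from the bounded path. The header size check in ExtractBounded is only a cheap early exit; the bound in copyBounded is the actual control, because it holds whether or not the size the registry put in the tar header is truthful.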