Lucene search
K

369 matches found

NVD
NVD
added 15 hours ago6 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS
Exploits0References2
EUVD
EUVD
added 16 hours ago6 views

EUVD-2026-43584

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score
Exploits0References2
CVE
CVE
added 16 hours ago10 views

CVE-2026-27690

CVE-2026-27690 describes an HTTP Request Smuggling vulnerability in SAP Approuter. An unauthenticated attacker can send specially crafted requests to trigger request–response desynchronization, potentially exposing user responses and causing service unavailability. The CVE’s impact is listed as h...

9.1CVSS6AI score
Exploits0References2
EUVD
EUVD
added 5 days ago12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-53655

A flaw was found in node-tar. This vulnerability arises because node-tar incorrectly applies PAX extended header size records to subsequent intermediary metadata headers, leading to a desynchronization of the tar stream cursor compared to other standard tar implementations. A remote attacker coul...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 6 days ago4 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
CVE
CVE
added 6 days ago13 views

CVE-2026-56362

CVE-2026-56362 affects ImageMagick prior to 7.1.2-15 with a heap-buffer-overflow read in GetPixelIndex caused by OpenPixelCache updating image channel metadata before memory allocation. Multiple sources (NVD, Red Hat, Debian security tracker, Alpine, CIRCL, PT Security, Luke/Snyk feeds) corrobora...

4.2CVSS6AI score0.00188EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-56362 ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

3.3CVSS0.00188EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-57241 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56340

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF and JavaScript performs operations on the page and document. This causes page-related objects to lose synchronization, while t...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-58470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows...

6.9CVSS6.3AI score0.00247EPSS
Exploits0References3
NVD
NVD
added last week9 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added last week39 views

CVE-2026-58470 GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added last week5 views

CVE-2026-58470 GNU Wget 1.25.0 Integer Overflow via Content-Range Header Parsing

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder