CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/09 9:33 p.m.•1 views

CVE-2026-28686 ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-...

6.8CVSS6AI score0.00019EPSS

Cvelist•added 2026/03/09 9:33 p.m.•35 views

CVE-2026-28686 ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer

6.8CVSS0.00019EPSS

CVE•added 2026/03/09 9:33 p.m.•10 views

CVE-2026-28686

CVE-2026-28686 affects ImageMagick’s PCL encoder. A heap-buffer-overflow is caused by an undersized output buffer allocation in the PCL encode path, allowing memory corruption. The issue is limited to the PCL encoding routine and is exploitable locally (no user interaction) with a medium overall ...

6.8CVSS6AI score0.00019EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/09 12:8 a.m.•2 views

OSV-2026-370 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490658507 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.System$2.encodeASCII java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...

Packet Storm News•added 2026/03/08 12:0 a.m.•0 views

VoiceSHIELD-Small: Real-Time Malicious Speech Detection and Transcription

Voice interfaces are quickly becoming a common way for people to interact with AI systems. This also brings new security risks, such as prompt injection, social engineering, and harmful voice commands. Traditional security methods rely on converting speech to text and then filtering that text,...

Fedora•added 2026/03/07 12:34 a.m.•5 views

[SECURITY] Fedora 44 Update: libsixel-1.10.5-6.fc44

An encoder/decoder implementation for DEC SIXEL graphics...

4CVSS5.8AI score0.00017EPSS

Rapid7 Blog•added 2026/03/06 6:28 p.m.•7 views

Metasploit Wrap-Up 03/06/2026

Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit. Still, the underlying theme is payloads: more control over how they are packaged and...

9.8CVSS5.6AI score0.55581EPSS

Exploits7

Fedora•added 2026/03/06 1:27 a.m.•7 views

[SECURITY] Fedora 42 Update: libsixel-1.10.5-5.fc42

An encoder/decoder implementation for DEC SIXEL graphics...

4CVSS5.9AI score0.00017EPSS

Fedora•added 2026/03/06 1:9 a.m.•4 views

[SECURITY] Fedora 43 Update: libsixel-1.10.5-5.fc43

An encoder/decoder implementation for DEC SIXEL graphics...

4CVSS5.9AI score0.00017EPSS

Packet Storm News•added 2026/03/05 12:0 a.m.•1 views

Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty

Integrated sensing and communication ISAC systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...

OSV•added 2026/03/04 5:32 p.m.•3 views

CLSA-2026-1772452097 ImageMagick: Fix of 9 CVEs

CVE-2026-25798: fix NULL pointer dereference in ClonePixelCacheRepository - CVE-2026-24481: fix heap information disclosure in PSD handler - CVE-2026-25799: fix division-by-zero in YUV sampling factor validation - CVE-2026-26284: fix out-of-bounds read in PCD Huffman decoder - CVE-2026-25897: fix...

9.8CVSS6.8AI score0.00065EPSS

OSV•added 2026/03/03 12:49 p.m.•2 views

SUSE-SU-2026:0763-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. - CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. - CVE-2026-24677:...

9.1CVSS5.9AI score0.00026EPSS

Exploits0References23

IBM Security Bulletins•added 2026/02/27 11:52 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven...

6.5CVSS5.9AI score0.00024EPSS

Exploits1Affected Software1

OSV•added 2026/02/25 11:7 p.m.•1 views

GO-2026-4548 Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver

Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver...

5.4AI score

Exploits0References3

Github Security Blog•added 2026/02/25 5:36 p.m.•6 views

Sliver has Potential Zip Bomb Denial of Service in GzipEncoder

Summary GzipEncoder does not limit output size when processing compressed data. This allows unauthenticated remote attackers to crash sliver server by sending a http request with highly compressed gzip data aka zip bomb. Details In util/encoders/gzip.go, Decode method decompresses given data by...