Lucene search
K

135 matches found

NVD
NVD
added 2026/06/29 12:16 p.m.8 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-430 OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8CVSS7.7AI score0.03166EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in hdf5

A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5ACunpinentry, located in H5AC.c. This allows an attacker to cause a Denial of Service attack...

5.5CVSS6.8AI score0.01419EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/16 7:33 a.m.5 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

6.5CVSS6.9AI score0.00303EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

decompress 安全漏洞

Decompress is a file decompression tool personally developed by Kevin Mårtensson. Decompress has a security vulnerability; this vulnerability arises when decompressing a ZIP archive that contains two entries with the same path. Due to issues with the order of micro-task processing, arbitrary file...

7.5CVSS5.5AI score0.00521EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/22 8:59 p.m.12 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.8AI score0.00302EPSS
Exploits1
Snyk
Snyk
added 2026/05/05 8:13 p.m.8 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber/v2 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 1:21 p.m.8 views

JLSEC-2026-330

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...

5.3CVSS4.3AI score0.00229EPSS
Exploits1References4
OSV
OSV
added 2026/04/29 1:21 p.m.10 views

JLSEC-2026-293

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS8.8AI score0.00223EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013784)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013784 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor,...

5.6AI score0.00207EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:33 a.m.5 views

CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

4.9CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.16 views

Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a malformed Internationalized Domain Name IDN to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...

5.7CVSS6.4AI score0.00325EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/04/01 1:40 p.m.4 views

Security update for freerdp2

This update for freerdp2 fixes the following issues: CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. CVE-2026-26955: Out-of-bounds Write in freerdp bsc1258982. CVE-2026-26965: Out-of-bounds Write in freerdp bsc1258985. CVE-2026-31806: improper validation of server messages...

8.8CVSS6.6AI score0.00656EPSS
Exploits5References24
Cvelist
Cvelist
added 2026/03/17 6:52 p.m.24 views

CVE-2025-66617

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

6.1CVSS0.00268EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:12 p.m.3 views

CVE-2026-30837

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24422

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References3
OSV
OSV
added 2026/02/28 12:45 p.m.12 views

OESA-2026-1456 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

9.8CVSS6.7AI score0.00671EPSS
Exploits0References32
SUSE CVE
SUSE CVE
added 2026/02/21 12:24 a.m.5 views

SUSE CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

7.8CVSS6.6AI score0.00356EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/20 12:19 a.m.2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5Tconvstructopt function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted h5 file. Remediation Upgrade hdf5 to version 1.14.4.3 or higher. Referenc...

8.5CVSS6.1AI score0.00356EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/05 12:0 a.m.7 views

EUVD-2025-206860

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

5.4AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder