
23043 matches found

RedhatCVE
added 2026/02/26 2:58 p.m. | 3 views

CVE-2026-27888

A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF document. When a user processes this specially crafted PDF, it can lead to excessive memory consumption, resulting in a Denial of Service (DoS) for the affected system. This issue specifically...

CVSS 8.7 | AI score 5.6 | EPSS 0.00348
Exploits: 1 | References: 7
OSV
added 2026/02/26 11:53 a.m. | 3 views

OPENSUSE-SU-2026:20273-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130. The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

CVSS 7.5 | AI score 6 | EPSS 0.00635
Exploits: 2 | References: 5
Veracode
added 2026/02/26 5:55 a.m. | 5 views

Unauthorized Code Execution

nbconvert is vulnerable to unauthorized code execution. The vulnerability is due to improper handling of SVG-to-PDF conversion on Windows where a malicious inkscape.bat file in the working directory can be executed, which allows an attacker to run arbitrary code when a user performs the conversio...

CVSS 8.5 | AI score 6.2 | EPSS 0.00233
Exploits: 1 | References: 8 | Affected Software: 1
RedhatCVE
added 2026/02/26 4:15 a.m. | 5 views

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

CVSS 8.8 | AI score 6 | EPSS 0.00259
Exploits: 0 | References: 1
NVD
added 2026/02/26 1:16 a.m. | 9 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | EPSS 0.00304
Exploits: 0 | References: 5
OSV
added 2026/02/26 1:16 a.m. | 7 views

DEBIAN-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 8.1 | EPSS 0.00304
Exploits: 0 | References: 1
CVE
added 2026/02/26 12:45 a.m. | 70 views

CVE-2026-27830

CVE-2026-27830 affects the c3p0 JDBC connection pool. Before 0.12.0, the property userOverridesAsString was stored as a hex-encoded serialized object, enabling an attacker to reset it and trigger deserialization that could load code from a remote factoryClassLocation via embedded JNDI references....

CVSS 8.9 | AI score 6.1 | EPSS 0.00304
Exploits: 0 | References: 5
Cvelist
added 2026/02/26 12:45 a.m. | 25 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | EPSS 0.00304
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/26 12:45 a.m. | 2 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 7.4 | EPSS 0.00304
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/26 12:45 a.m. | 4 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 6.2 | EPSS 0.00304
Exploits: 0 | References: 6 | Affected Software: 1
Debian CVE
added 2026/02/26 12:45 a.m. | 4 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 8.1 | EPSS 0.00304
Exploits: 0
OSV
added 2026/02/26 12:45 a.m. | 4 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 6.2 | EPSS 0.00304
Exploits: 0 | References: 7
NVD
added 2026/02/26 12:16 a.m. | 6 views

CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4 | EPSS 0.00123
Exploits: 0 | References: 3
OSV
added 2026/02/26 12:16 a.m. | 3 views

DEBIAN-CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4 | AI score 8 | EPSS 0.00123
Exploits: 0 | References: 1
OSV
added 2026/02/26 12:16 a.m. | 2 views

UBUNTU-CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4 | AI score 6 | EPSS 0.00123
Exploits: 0 | References: 5
CNNVD
added 2026/02/26 12:00 a.m. | 4 views

psd-tools security vulnerability

psd-tools is an open-source Python package designed for reading Adobe Photoshop PSD files. Versions of psd-tools prior to 1.12.2 contained security vulnerabilities. These vulnerabilities occurred due to the lack of handling of ValueError exceptions when processing PSD files containing...

CVSS 9.1 | AI score 5.8 | EPSS 0.0041
Exploits: 1 | References: 3
UbuntuCve
added 2026/02/26 12:00 a.m. | 4 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 6.2 | EPSS 0.00304
Exploits: 0 | References: 6
UbuntuCve
added 2026/02/26 12:00 a.m. | 3 views

CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4.4 | AI score 6 | EPSS 0.00123
Exploits: 0 | References: 4
Cvelist
added 2026/02/25 11:20 p.m. | 20 views

CVE-2026-27799 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4 | EPSS 0.00123
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/25 11:20 p.m. | 5 views

CVE-2026-27799 ImageMagick has a heap Buffer Over-read in its DJVU image format handler

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

CVSS 4 | AI score 6 | EPSS 0.00123
Exploits: 0 | References: 3