Lucene search
K

3424 matches found

RedHat Linux
RedHat Linux
added 12 hours ago3 views

kernel: smb/client: fix out-of-bounds read in smb2_compound_op()

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...

9.1CVSS6.1AI score0.00478EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-13708

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

7.5CVSS6.1AI score0.00375EPSS
Exploits0
OSV
OSV
added 2 days ago3 views

OESA-2026-2846 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Socket versions before 2.041 for Perl ha...

9.1CVSS5.9AI score0.00389EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-55698

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV implementation where the software scratch area is not required to reside in the GHCB shared buffer when GHCB v2+ is used. This allows a malicious SNP guest...

6.2AI score0.00267EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago3 views

Vim 9.2.0320 < 9.2.0679 Out-of-Bounds Read (GHSA-ww8h-47xp-hp4w)

The version of Vim installed on the remote host is between 9.2.0320 and 9.2.0679 exclusive. It is, therefore, affected by a vulnerability. - A crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays...

6.8CVSS5.9AI score0.00119EPSS
Exploits0References2
CVE
CVE
added last week48 views

CVE-2026-53467

ImageMagick’s CVE-2026-53467 affects the MNG decoder. Prior to 6.9.13-51 and 7.1.2-26, the decoder can disclose heap information because part of the pixels are left unchanged. Fixed in 6.9.13-51 and 7.1.2-26. Affected software: ImageMagick (Image editing/manipulation tool); component: MNG decoder...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:38 p.m.5 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 2:38 p.m.28 views

CVE-2025-15646

HTML::Gumbo for Perl before 0.19 is vulnerable to heap memory disclosure via type confusion when parsing documents containing a element. The issue arises because libgumbo’s walk_tree was not updated to support , causing the element to be treated as a text node and enabling strlen() over-read of ...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 11:22 p.m.33 views

CVE-2026-54897 Oj : Use-After-Free in Oj::Doc Iterators via Reentrant Close

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-549 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.7AI score0.00831EPSS
Exploits1References6
Rockylinux
Rockylinux
added 2026/06/28 12:1 a.m.23 views

pandoc security update

An update is available for pandoc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pandoc is a markdown/markup conversion tool. The version of pandoc in Rocky...

9.8CVSS7.3AI score0.04192EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

EulerOS 2.0 SP15 : libarchive (EulerOS-SA-2026-2445)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of...

7.5CVSS7.1AI score0.00882EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 4:16 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS0.00551EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/26 3:15 p.m.33 views

CVE-2026-5757 There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

0.00551EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/26 3:15 p.m.9 views

EUVD-2026-39786

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 3:15 p.m.29 views

CVE-2026-5757

CVE-2026-5757 concerns Ollama’s model quantization engine. The CERT entry describes an unauthenticated remote information-disclosure vulnerability triggered via the model upload interface. Root cause: three factors—no bounds checking on user-supplied GGUF header metadata, unsafe memory access usi...

7.5CVSS6.7AI score0.00551EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 7:34 a.m.8 views

CVE-2026-54236

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending specially crafted malformed image bytes through the Anthropic Messages API. This action causes an error message to be generated that...

5.3CVSS5.6AI score0.00796EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/25 11:53 p.m.6 views

CVE-2025-15661

A flaw in libssh2's sftpsymlink function allows a malicious SSH server or man-in-the-middle attacker to trigger an out-of-bounds heap read via a crafted SSHFXPNAME response. This can disclose heap memory contents or crash the application, causing a denial of service DoS. Mitigation Implement stri...

8.3CVSS7.1AI score0.00267EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/25 6:6 p.m.4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS6.8AI score0.01052EPSS
Exploits1References10
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

6.8CVSS0.00119EPSS
Exploits0References3
Rows per page
Query Builder