Lucene search
+L

611 matches found

Snyk
Snyk
added 2026/05/18 5:48 p.m.11 views

Improper Validation of Array Index

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/18 5:48 p.m.15 views

Improper Validation of Array Index

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/15 5:30 p.m.9 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the CertVerifier.Verify function. An attacker can cause the process to panic and exit with a success code by providing a CMS/PKCS7 signed message containing an empty certificate set, which lead...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 10:4 p.m.10 views

CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 3:16 p.m.6 views

UBUNTU-CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References5
NVD
NVD
added 2026/05/06 10:16 a.m.19 views

CVE-2026-43110

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmffwehhandleifevent validates the firmware-provided interface index before it touches drvr-iflist, but it still uses the raw bsscfgidx field as an array index without a...

8.8CVSS0.00244EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/05 10:21 p.m.7 views

Improper Validation of Array Index

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Array Index via the getinputpositionstensor function. An attacker can cause the service to terminate or become unavailable by...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/29 8:44 p.m.8 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the UpdatePathAttrs4ByteAs function when processing malformed BGP UPDATE messages containing both ASPATH and AS4PATH attributes. An attacker can cause the process to crash by sending a specially...

8.7CVSS5.8AI score0.00503EPSS
Exploits1References2
NVD
NVD
added 2026/04/24 3:16 p.m.7 views

CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

5.5CVSS0.00125EPSS
Exploits0References9
OSV
OSV
added 2026/04/24 3:16 p.m.5 views

DEBIAN-CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

5.5CVSS5.3AI score0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 2:42 p.m.35 views

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

0.00125EPSS
Exploits0References9
OSV
OSV
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References12
NVD
NVD
added 2026/04/22 2:16 p.m.11 views

CVE-2026-31449

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

7.8CVSS0.00135EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013679 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TC...

6AI score0.00197EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/20 2:12 a.m.5 views

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

8.8CVSS8.1AI score0.00581EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.14 views

PT-2026-31634

Name of the Vulnerable Software and Affected Versions DicomImageDecoder affected versions not specified Description An out-of-bounds read issue exists in the DecodeLookupTable function within DicomImageDecoder.cpp. The lookup-table decoding logic for PALETTE COLOR images does not validate pixel...

5.8AI score0.00666EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/07 4:15 p.m.6 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the losslessjpegloadraw function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted file. Remediation Upgrade libraw to version 0.22.1 or higher...

9.8CVSS6.1AI score0.00746EPSS
Exploits1References2
OSV
OSV
added 2026/04/07 2:58 p.m.4 views

GO-2026-4789 Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats

Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats...

5.7CVSS5.8AI score0.00239EPSS
Exploits0References4
Talos
Talos
added 2026/04/07 12:0 a.m.7 views

LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

9.8CVSS6.4AI score0.00746EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2026/03/31 12:0 a.m.7 views

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of...

8.2CVSS6.2AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder