Lucene search
K

254 matches found

Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.16 views

PT-2026-33524

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description A missing null terminator exists in the ptp unpack Canon FE function within the camlibs/ptp2/ptp-pack.c file. The function uses strncpy to copy a filename into a 13-byte buffer without ensuring t...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References34
OSV
OSV
added 2026/04/10 4:17 a.m.10 views

UBUNTU-CVE-2026-5500

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

8.7CVSS5.8AI score0.00355EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 11:17 a.m.5 views

CVE-2026-35444

A flaw was found in SDLimage, a library used for loading various image formats. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted .xcf image file. This flaw, specifically a heap out-of-bounds read, occurs because pixel index values from decoded XCF...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/24 2:42 p.m.6 views

CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS5.9AI score0.00553EPSS
Exploits0
OSV
OSV
added 2026/03/23 2:16 p.m.2 views

DEBIAN-CVE-2026-4645

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

7.5CVSS5.8AI score0.00152EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/23 3:31 a.m.5 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS5.7AI score0.0036EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/22 12:32 p.m.6 views

EUVD-2026-14299

A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high complexity. The...

7.3CVSS5.4AI score0.00125EPSS
Exploits0References5
OSV
OSV
added 2026/03/17 10:16 a.m.5 views

UBUNTU-CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soupmessagenew function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF Carriage Return Line Feed injection, occurs because the method value is not properly...

6.5CVSS7.2AI score0.00223EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.22 views

PT-2026-25869

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the ucl object emit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.4 views

EulerOS Virtualization 2.12.1 : gnutls (EulerOS-SA-2026-1428)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization...

8.2CVSS7.1AI score0.01185EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/10 9:26 a.m.12 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 7:10 p.m.8 views

Security Bulletin: Vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-15284)

Summary There are 2 vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-15284. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...

6.3CVSS5.6AI score0.0041EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/20 11:27 a.m.4 views

CVE-2026-26958

A flaw was found in filippo.io/edwards25519, a Go library used for cryptographic operations. This vulnerability occurs in the MultiScalarMult function when it processes points that are not properly initialized or are not the identity point. Such conditions can lead to incorrect cryptographic...

6.3CVSS5.5AI score0.00366EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.8 views

macOS 15.x < 15.7.4 Multiple Vulnerabilities (126349)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.4. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS...

8.8CVSS6.4AI score0.01279EPSS
Exploits1References38
OSV
OSV
added 2026/02/03 12:0 a.m.4 views

UBUNTU-CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6CVSS6.2AI score0.00209EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/01/26 1:9 p.m.5 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00633EPSS
Exploits0References6
CVE
CVE
added 2026/01/20 1:22 p.m.100 views

CVE-2025-15281

CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...

7.5CVSS5.3AI score0.00286EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/19 12:27 p.m.13 views

CVE-2025-15535

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function ClayMeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...

4.8CVSS5.1AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 12:43 a.m.6 views

GHSA-6GVQ-JCMP-8959 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

6.5CVSS6.6AI score0.00262EPSS
Exploits0References13
NVD
NVD
added 2025/12/12 7:16 p.m.20 views

CVE-2025-14569

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function readaudiodata of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project w...

5.3CVSS0.00119EPSS
Exploits0References5
Rows per page
Query Builder