171868 matches found
CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...
SUSE CVE-2026-12325
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CGA-QPQR-6VCG-2G85
Bulletin has no description...
CGA-XHPH-HJ6Q-JQVX
Bulletin has no description...
CGA-77J6-8CMC-Q4XV
Bulletin has no description...
PT-2026-50831
Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.8.2. Description: An issue exists where the software lacks handler call depth tracking for calls to the XML_ResumeParser function when called from within handlers during a policy violation. This can lead to a...
UBUNTU-CVE-2026-42055
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version (set to 2) or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the...
PT-2026-50984
Name of the Vulnerable Software and Affected Versions: libaom, affected versions not specified. Description: Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...
PT-2026-50981
Name of the Vulnerable Software and Affected Versions: libaom, affected versions not specified. Description: A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode allows the first-pass stats ring buffer wrap-around guard to...
CGA-VGPQ-XPP4-4J5V
Bulletin has no description...
GO-2026-5062 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
GO-2026-5061 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...
Malicious code in clx-cookie-signature (npm)
Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3. Package impersonates the popular cookie-signature library, copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...
MINI-GCCG-J4M6-Q6Q8
Bulletin has no description...
MINI-QV8G-W4FH-GCW6
Bulletin has no description...
MINI-FFXM-53GJ-7FJ8
Bulletin has no description...
MINI-3J4Q-6399-W2VJ
Bulletin has no description...
MINI-CFRM-3MMP-VWW9
Bulletin has no description...