
172265 matches found

ATTACKERKB
added 2026/06/19 3:00 a.m., 7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

CVSS 6.9 | AI score 5.5 | EPSS 0.00088
Exploits: 0 | References: 2
EUVD
added 2026/06/19 3:00 a.m., 9 views

EUVD-2026-37977

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

CVSS 6.9 | AI score 5.6 | EPSS 0.00088
Exploits: 0 | References: 1
AlpineLinux
added 2026/06/19 3:00 a.m., 5 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

CVSS 6.9 | AI score 6 | EPSS 0.00088
Exploits: 0
SUSE CVE
added 2026/06/19 1:57 a.m., 7 views

SUSE CVE-2026-12325

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 7
Fedora
added 2026/06/19 1:10 a.m., 9 views

[SECURITY] Fedora 43 Update: perl-HTTP-Daemon-6.17-1.fc43

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

CVSS 9.1 | AI score 5.2 | EPSS 0.01231
Exploits: 0
OSV
added 2026/06/19 12:53 a.m., 5 views

CGA-QPQR-6VCG-2G85

Bulletin has no description...

CVSS 6.9 | AI score 4.9 | EPSS 0.00223
Exploits: 0
OSV
added 2026/06/19 12:31 a.m., 6 views

CGA-XHPH-HJ6Q-JQVX

Bulletin has no description...

CVSS 5.3 | AI score 4.9 | EPSS 0.00238
Exploits: 0
OSV
added 2026/06/19 12:04 a.m., 4 views

CGA-77J6-8CMC-Q4XV

Bulletin has no description...

AI score 5
Exploits: 0
Positive Technologies
added 2026/06/19 12:00 a.m., 14 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.8.2. Description: An issue exists where the software lacks handler call depth tracking for calls to the XML_ResumeParser function when called from within handlers during a policy violation. This can lead to a...

CVSS 4.9 | AI score 5.7 | EPSS 0.00102
Exploits: 0 | References: 8
Positive Technologies
added 2026/06/19 12:00 a.m., 10 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions: libaom, affected versions not specified. Description: Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

CVSS 7.1 | AI score 6 | EPSS 0.00399
Exploits: 0 | References: 9
Positive Technologies
added 2026/06/19 12:00 a.m., 10 views

PT-2026-50981

Name of the Vulnerable Software and Affected Versions: libaom, affected versions not specified. Description: A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode allows the first-pass stats ring buffer wrap-around guard to...

CVSS 7.6 | AI score 6.2 | EPSS 0.00275
Exploits: 0 | References: 10
OSV
added 2026/06/19 12:00 a.m., 4 views

UBUNTU-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the...

CVSS 9.2 | AI score 6.5 | EPSS 0.02887
Exploits: 1 | References: 4
Positive Technologies
added 2026/06/19 12:00 a.m., 12 views

PT-2026-51082

Name of the Vulnerable Software and Affected Versions: Oj versions prior to 3.17.2. Description: When operating in object mode, the Oj.dump function is susceptible to a heap buffer overflow during the serialization of Exception objects if a large :indent value is used. The issue occurs because the...

CVSS 8.7 | AI score 6.2
Exploits: 0 | References: 4
OSV
added 2026/06/18 11:57 p.m., 5 views

CGA-VGPQ-XPP4-4J5V

Bulletin has no description...

CVSS 7.5 | AI score 4.9 | EPSS 0.00301
Exploits: 0
OSV
added 2026/06/18 10:50 p.m., 3 views

GO-2026-5062 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

CVSS 7.5 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 2
OSV
added 2026/06/18 10:46 p.m., 5 views

GO-2026-5061 Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/06/18 10:28 p.m., 9 views

Malicious code in clx-cookie-signature (npm)

Source: amazon-inspector (9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3). Package impersonates the popular cookie-signature library, copying its README, author field 'TJ Holowaychuk', and sign/unsign API, but index.js adds ...

AI score 6
Exploits: 0 | References: 2
OSV
added 2026/06/18 9:49 p.m., 5 views

MINI-3J4Q-6399-W2VJ

Bulletin has no description...

CVSS 5.3 | AI score 4.9 | EPSS 0.00796
Exploits: 1
OSV
added 2026/06/18 9:49 p.m., 6 views

MINI-QV8G-W4FH-GCW6

Bulletin has no description...

CVSS 7.5 | AI score 5 | EPSS 0.00281
Exploits: 0
OSV
added 2026/06/18 9:49 p.m., 4 views

MINI-GCCG-J4M6-Q6Q8

Bulletin has no description...

CVSS 6.9 | AI score 4.9 | EPSS 0.00261
Exploits: 1