2058 matches found
EUVD-2022-31079
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash due to a double fetch vulnerability at aswArPot+0xc4a3...
CVE-2026-8119
CVE-2026-8119 affects Open5GS up to 2.7.7, specifically the NSSF path. The vulnerable element is the function ogs_sbi_stream_find_by_id in the file /lib/sbi/nghttp2-server.c of the NSSF component. A manipulation leads to a denial of service . The vulnerability requires a local attacker (attack ve...
EUVD-2026-28417
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...
CVE-2026-8086
OSGeo GDAL contains a local heap-based buffer overflow in SWnentries (SWapi.c) affecting versions up to 3.13.0dev-4. The vulnerability arises from incorrect handling of DimensionName. Local exploitation is possible; a public exploit exists. Remediation: upgrade to 3.12.4RC1 (patch 9491e794f1757f0...
PT-2026-38571
Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A weakness in the GDfieldinfo function within the frmts/hdf4/hdf-eos/GDapi.c file can lead to an out-of-bounds read, which occurs when a program reads data past the end of the intended buffer...
CVE-2026-43015
A flaw was found in the Linux kernel’s macb network driver. Improper handling of clock resources during the removal of a PCI Peripheral Component Interconnect device driver can lead to a use-after-free vulnerability. A local attacker could exploit this by performing specific module operations,...
CVE-2026-37526
AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...
BIT-PYTORCH-2026-4538 PyTorch pt2 Loading deserialization
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...
JLSEC-2026-329
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5Omsgflush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The...
JLSEC-2026-343
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to...
JLSEC-2026-342
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5Omtimenewencode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the...
JLSEC-2026-351
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FSsectlinksize of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
JLSEC-2026-347
A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5Gnodecmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2026-7233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component...
CVE-2026-7318
The CVE affects elie mcp-project 0.1.0, specifically the function search_papers in research_server.py. The vulnerability arises from path traversal when manipulating the topic argument. Local access is required for exploitation, and the exploit is publicly available. No remediation or patch detai...
CVE-2026-7179 OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
CVE-2026-7038
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...
JLSEC-2026-192
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be...
SUSE CVE-2026-3392
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function evaltree of the file src/lilyemitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...
EUVD-2026-22361
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...