Lucene search
K

3645 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

6.5CVSS0.00105EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43185

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 3 days ago13 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 lacks a check for the allowed memory allocation limit in matrix-backed operations (e.g., -canny). A crafted image can cause ImageMagick to allocate more memory than policy permits, resulting in a denial of service. Affected components: ImageMagick's memor...

6.5CVSS6.1AI score0.00105EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42764

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References8
NVD
NVD
added 4 days ago4 views

CVE-2026-15311

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS0.00203EPSS
Exploits0References7
CVE
CVE
added 5 days ago10 views

CVE-2026-15311

The CVE-2026-15311 entry concerns NousResearch hermes-agent (Matrix Adapter). The vulnerability specifically affects MatrixAdapter._markdown_to_html in gateway/platforms/matrix.py, enabling cross-site scripting. It can be exploited remotely and publicly available exploit code exists. The related ...

5.1CVSS4.2AI score0.00203EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-15311 NousResearch hermes-agent Matrix Adapter matrix.py MatrixAdapter._markdown_to_html cross site scripting

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter.markdowntohtml of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed...

5.1CVSS0.00203EPSS
Exploits0References7
Mageia
Mageia
added 6 days ago4 views

Updated vips packages fix security vulnerabilities

This update fixes several security issues: A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack need...

7.8CVSS5.6AI score0.00209EPSS
Exploits3References2
OSV
OSV
added last week3 views

PYSEC-2026-997 `CHECK_EQ` fail via input in `SparseMatrixNNZ`

Impact An input sparsematrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.rawops.SparseMatrixNNZ. python import tensorflow as tf tf.rawops.SparseMatrixNNZsparsematrix= Patches We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The...

4.8CVSS5.9AI score0.0044EPSS
Exploits1References7
OSV
OSV
added last week3 views

PYSEC-2026-980 TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`

Impact When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf a = tf.constant, shape=0, 1, 1, dtype=tf.float32 tf.linalg.matrixranka=a Patches We have patched the issue in GitHub...

5.9CVSS5.9AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-1018 Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

Impact The implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf indices = tf.constant53, shape=3, dtype=tf.int64 values =...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11
EUVD
EUVD
added 2026/07/02 5:13 p.m.11 views

EUVD-2026-36317

OpenClaw: Matrix allowFrom could bind to mutable display names...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 5:13 p.m.5 views

GHSA-7HXM-F538-3XP6 OpenClaw: Matrix allowFrom could bind to mutable display names

Summary Matrix allowFrom could bind to mutable display names. In affected versions, a Matrix account able to change display name metadata could match a policy entry through mutable display metadata. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS6AI score0.00444EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-57963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This...

6.5CVSS6.1AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 2:17 a.m.3 views

DEBIAN-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:58 a.m.8 views

EUVD-2026-40862

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/28 12:0 a.m.7 views

Security update for openbabel (moderate)

openSUSE Security Update: Security update for openbabel Announcement ID: openSUSE-SU-2026:0220-1 Rating: moderate References: 1258501 Cross-References: CVE-2026-2704 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

8.1CVSS5.8AI score0.00759EPSS
Exploits1References1
Rows per page
Query Builder