CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

NVD•added 2026/05/22 11:16 a.m.•7 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS0.00038EPSS

Exploits0References1

CNNVD•added 2026/05/19 12:0 a.m.•4 views

SAMSUNG Escargot 安全漏洞

SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability that stems from excessively large memory allocation values, which may...

5.5CVSS5.8AI score0.0001EPSS

Exploits0References1

EUVD•added 2026/05/05 9:31 a.m.•3 views

EUVD-2026-27243

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.3CVSS5.8AI score0.00251EPSS

Exploits0References2

Tenable Nessus•added 2026/04/22 12:0 a.m.•8 views

openSUSE 16 Security Update : qemu (openSUSE-SU-2026:20567-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20567-1 advisory. Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests se...

5.1CVSS5.7AI score0.00019EPSS

Exploits1References9

CNNVD•added 2026/04/09 12:0 a.m.•3 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from unlimited memory allocation issues in remote media HTTP error handling, which could lead to excessive...

6.9CVSS5.8AI score0.00157EPSS

Exploits0References4

CNNVD•added 2026/04/07 12:0 a.m.•3 views

go-ipld-prime 安全漏洞

go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR decoder using the set size declared in the CBOR header as a hint for Go’s pre-allocatio...

6.2CVSS7.3AI score0.00006EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 2:59 p.m.•2 views

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition...

8.7CVSS5.8AI score0.00072EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•5 views

CVE-2021-27502

Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...

7.8CVSS7.4AI score0.00057EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•6 views

CVE-2021-27431

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc local malloc equivalent function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...

9.8CVSS7.1AI score0.00517EPSS

Exploits0References1

RedhatCVE•added 2025/12/11 8:38 a.m.•2 views

CVE-2025-66564

A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...

7.5CVSS6AI score0.00019EPSS

Exploits0References5

IBM Security Bulletins•added 2025/11/28 7:16 p.m.•5 views

Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)

Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...

7.5CVSS6.4AI score0.00257EPSS

Exploits1Affected Software1

Rockylinux•added 2025/11/25 9:4 a.m.•3 views

mingw-expat security update

An update is available for mingw-expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. The mingw-expat packages...

7.5CVSS7AI score0.00102EPSS

Exploits1

EUVD•added 2025/10/07 7:31 p.m.•1 views

EUVD-2025-32887

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service DoS. The...

7.5CVSS6.5AI score0.00075EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-20567

Malware in sbrugna...

8.8CVSS7.8AI score0.00288EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2009-3585

Malware in sbrugna...

9.3CVSS6.1AI score0.07495EPSS

Exploits1References57