Lucene search
+L

2346 matches found

cvelist
cvelist
added 15 hours ago14 views

CVE-2026-3842 Qemu-kvm: hyperv/syndbg: missing mapped-length guard after cpu_physical_memory_map causes host oob write

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS
Exploits0References2
cve
cve
added yesterday9 views

CVE-2026-14961

CVE-2026-14961 affects Pegatron tdeio64.sys exposing the .�5cTdeIo device. The IOCTL dispatch lacks privilege validation and does not validate user-supplied kernel addresses, allowing arbitrary kernel memory read/write and privilege escalation to NT AUTHORITY\SYSTEM. The linked explainer also not...

6.2CVSS6.2AI score
Exploits1References1
nvd
nvd
added 2 days ago4 views

CVE-2026-47976

Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00235EPSS
Exploits0References1
cve
cve
added 3 days ago21 views

CVE-2026-9492

CVE-2026-9492 affects Gigabyte Control Center (GCC) MBStorage DRAM lighting control module. The vulnerability resides in the MyPortIO_x64.sys driver, where improper access control allows authenticated local attackers to issue IOCTL commands that can read and write physical memory, leading to kern...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References2
euvd
euvd
added 6 days ago7 views

EUVD-2026-43043

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

6.1AI score0.00092EPSS
Exploits0References1
nvd
nvd
added 6 days ago8 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
nvd
nvd
added 6 days ago8 views

CVE-2026-21048

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS0.00379EPSS
Exploits1References1
nvd
nvd
added 6 days ago10 views

CVE-2026-21045

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS0.00379EPSS
Exploits1References1
attackerkb
attackerkb
added 6 days ago9 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS5.9AI score0.00116EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago33 views

CVE-2026-21057

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS0.00116EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago38 views

CVE-2026-21048

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS0.00379EPSS
Exploits1References1
euvd
euvd
added 6 days ago9 views

EUVD-2026-42818

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits1References1
cvelist
cvelist
added 6 days ago30 views

CVE-2026-21045

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS0.00379EPSS
Exploits1References1
attackerkb
attackerkb
added 6 days ago6 views

CVE-2026-21045

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits1References2
osv
osv
added last week2 views

SUSE-SU-2026:2829-1 Security update for libaom

This update for libaom fixes the following issues: - CVE-2026-56208: untrusted encoder configuration inputs can lead to a heap-based buffer overflow and a process crash bsc1268650. - CVE-2026-56209: crafted video frames with specific Y-plane pixel values can lead to an arbitrary memory write...

7.6CVSS6.6AI score0.00414EPSS
Exploits0References9
github
github
added 2026/07/08 9:12 p.m.8 views

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References5Affected Software1
redhat
redhat
added 2026/07/08 3:22 p.m.3 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References5
euvd
euvd
added 2026/07/08 12:37 a.m.8 views

EUVD-2026-42126

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...

9.8CVSS6AI score0.00498EPSS
Exploits0References5
cve
cve
added 2026/07/07 10:11 p.m.26 views

CVE-2026-59705

CVE-2026-59705 concerns mem0’s openmemory/api component, where an unauthenticated access flaw allows reading, writing, and deleting arbitrary user memories via API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory ret...

9.8CVSS6AI score0.00498EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.20 views

PT-2026-55277

Name of the Vulnerable Software and Affected Versions mcp-memory-service affected versions not specified Description All HTTP routes under the /api/documents/ endpoint are served without authentication, even when the server is configured with an API key MCP API KEY or OAuth. This allows an...

9.8CVSS6.2AI score
Exploits0References6
Rows per page
Query Builder