Lucene search
K

189 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5899

Name of the Vulnerable Software and Affected Versions Apple Vision Pro affected versions not specified Description The issue appears to be a security flaw in vision-related technology, potentially affecting Apple Vision Pro. While no public jailbreak currently exists for iOS 26.0 as of February...

5.4AI score0.00136EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/02 10:47 a.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the HandleCreateSmPolicyRequest in smpolicy.go. This allows attackers to trigger an unhandled panic when invoking the openapi API. Remediation Upgrade github.com/free5gc/pcf/internal/sbi/processor to version...

8.7CVSS6.1AI score0.00697EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/02 10:47 a.m.6 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in regexec.c, which allows an attacker to read arbitrary heap memory, including pointers and sensitive strings. Remediation A fix was pushed into the master branch but not yet published. References - Debian Security...

6.9CVSS8.5AI score0.00629EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/30 7:51 a.m.9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the doContent function in xmlparse.c. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow. Remediation...

7.8CVSS6AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/27 9:30 a.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the PNGImageEncoder process. An attacker can execute arbitrary code by supplying crafted input that is improperly handled during image encoding. Remediation A fix was pushed into the master branch but not ye...

5.4CVSS6.2AI score0.00401EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/27 12:0 a.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the gbase64encodeclose function. An attacker can cause memory corruption or application crashes by providing excessively large or untrusted input data. Remediation A fix was pushed into the master branch but not...

8.1CVSS5.9AI score0.00304EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/21 4:13 p.m.4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. Remediatio...

8.7CVSS6AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 9:26 p.m.2 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the wsgiref.headers.Headers. An attacker can manipulate HTTP responses by injecting arbitrary headers through user-controlled input containing newline characters. Remediation A fix was pushed into the master...

6.5CVSS6AI score0.00463EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 12:48 a.m.3 views

Release of Invalid Pointer or Reference

Overview Affected versions of this package are vulnerable to Release of Invalid Pointer or Reference via the BilateralBlurImage function. An attacker can cause application instability or crashes by providing a specially crafted image that triggers the release of an invalid pointer when memory...

9.8CVSS5.6AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/15 12:0 a.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the xmlCatalogXMLResolveURI function when processing XML catalogs containing self-referencing delegate URI entries. An attacker can cause affected applications to crash by supplying a specially crafted XML...

8.2CVSS5.8AI score0.00755EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/10 12:40 p.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the Parser::parsebinary function. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation A fix was pushed into the master branch but not yet...

5.5CVSS6.4AI score0.00242EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/08 10:45 a.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via CURLSSHAUTHAGENT flag for public key authentication. An attacker can gain unauthorized access by leveraging a locally running SSH agent to bypass the intended key passphrase requirement. Note: This issue...

4.7CVSS5.8AI score0.00413EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/31 1:44 a.m.2 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via the pcapetheraton function. An attacker can cause unintended reads and writes outside the bounds of allocated memory by providing a specially crafted input string. Remediation Upgrade libpcap to version 1.10.6 or...

3.3CVSS5.8AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/28 10:45 p.m.3 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgpipelinedescdefaults function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation A fix was pushed into the...

7.8CVSS7.9AI score0.00192EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/27 5:39 p.m.3 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation A fix was pushed into the master...

6.9CVSS6.5AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 7:45 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

7.5CVSS5.6AI score0.00347EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/14 10:39 p.m.5 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ParseMustBeSegmentNzNc function when processing large input containing many commas. An attacker can cause excessive stack consumption and application crash by supplying specially crafted input. Remediation...

4CVSS5.3AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/12 10:7 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the parsing process of DICOM files containing encapsulated PixelData fragments. An attacker can cause a segmentation fault and an application crash by supplying a crafted malicious DICOM file. Remediation Upgrade...

6.8CVSS6.7AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/11 5:44 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to LLVM optimizations that may transform constant-time implementations into non-constant-time code. An attacker can obtain sensitive information by exploiting timing discrepancies through side-channel analysis...

3.7CVSS5.8AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/25 11:8 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the preservelocalforblock function, when handling a sequence where a GETGLOBALI32 opcode is followed by an if opcode in fast interpreter mode. An attacker can cause out-of-bounds access to the frameoffsetbottom arr...

7.4CVSS6.6AI score0.00284EPSS
Exploits1References2
Rows per page
Query Builder