Lucene search
+L

475 matches found

NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.9CVSS6AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.9CVSS6AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.39 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00388EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 4:1 p.m.4 views

CVE-2026-49451 Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS5.9AI score0.00695EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without...

7.8CVSS6AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:24 p.m.4 views

JLSEC-2026-644 When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run...

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...

6.9CVSS6.5AI score0.0016EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:35 p.m.8 views

EUVD-2026-38389

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52279

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where the window field in the TCP header refers to the MPTCP-level rcv nxt. Because the TCP stack independently prevents the...

8.7CVSS6AI score0.00506EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3373 (ALAS-2026-3373)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3373 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References14
Redos
Redos
added 2026/06/11 12:0 a.m.8 views

ROS-20260611-73-0004

The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory, due to incorrect encoding based on the Base64 standard. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

9.1CVSS5.8AI score0.00599EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/06/10 9:55 p.m.12 views

CVE-2026-48734

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

5.5CVSS5.4AI score0.00107EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Kanidm 安全漏洞

Kanidm is a simple and secure identity management platform developed by Kanidm itself. Versions of Kanidm prior to 1.9.3 contained security vulnerabilities. These vulnerabilities were caused by the recursive descent PEG parser in SCIM endpoints, which led to a stack overflow when processing neste...

8.7CVSS5.5AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-49 and 7.1.2-24 contained security vulnerabilities. These vulnerabilities were due ...

5.5CVSS5.3AI score0.00107EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2026-2255)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c.CVE-2025-69720...

9.8CVSS6AI score0.00414EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2026/06/03 2:11 p.m.10 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00704EPSS
Exploits0References26
Vulnrichment
Vulnrichment
added 2026/06/02 10:31 p.m.10 views

CVE-2026-10719 Open Seachest/Seachest NVMe show Format Descriptors Vulnerability

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...

1.8CVSS5.8AI score0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:25 p.m.12 views

CVE-2026-45681 OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00287EPSS
Exploits1References2
Rows per page
Query Builder