Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

32 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:9 a.m.1 views

CVE-2026-22190

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...

7.5CVSS5.7AI score0.00062EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:9 a.m.2 views

CVE-2026-22189

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...

9.8CVSS6.4AI score0.00165EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:9 a.m.3 views

CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

6.9CVSS5.7AI score0.0004EPSS
Exploits1References1
NVD
NVDadded 2026/01/07 9:16 p.m.1 views

CVE-2026-22190

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...

7.5CVSS0.00062EPSS
Exploits1References4
NVD
NVDadded 2026/01/07 9:16 p.m.2 views

CVE-2026-22189

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...

9.8CVSS0.00165EPSS
Exploits1References4
OSV
OSVadded 2026/01/07 9:16 p.m.1 views

CVE-2026-22189

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a fixed-size stack buff...

9.8CVSS8AI score
Exploits0References4
OSV
OSVadded 2026/01/07 9:16 p.m.1 views

CVE-2026-22190

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format specifiers,...

7.5CVSS6.5AI score
Exploits0References4
NVD
NVDadded 2026/01/07 9:16 p.m.1 views

CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

6.9CVSS0.0004EPSS
Exploits1References4
OSV
OSVadded 2026/01/07 9:16 p.m.2 views

CVE-2026-22188

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation. Supplying a larg...

5.5CVSS6.5AI score
Exploits0References4
Snyk
Snykadded 2026/01/07 8:47 p.m.2 views

Use of Uninitialized Variable

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Uninitialized Variable via the deploy-stub process. An attacker can cause the application to crash or exhibit undefined behavi...

6.9CVSS6.8AI score0.0004EPSS
Exploits1References2
Snyk
Snykadded 2026/01/07 8:47 p.m.1 views

Use of Externally-Controlled Format String

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the egg-mkfont component. An attacker can access sensitive stack-resident memory and...

7.5CVSS6.8AI score0.00062EPSS
Exploits1References2
vulnersOsv
vulnersOsvadded 2026/01/07 8:47 p.m.2 views

adopt-a-doodle (>=0.0.1 <=0.0.3), bark-simulator (>=0.0.1 <=0.1.0) +105 more potentially affected by CVE-2026-22190 via panda3d (>=1.10.10 <=1.10.9)

panda3d PYPI version =1.10.10, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.1, =0.0.3, =0.1.0, =21.2.0, =22.4.0, =20.12.0, =1.0.0, =0.0.1, =1.0.6, =0.0.2, =0.8.5, =0.8.10 and more Source cves: CVE-2026-22190 Source advisory: SNYK:PYTHON-PANDA3D-14931131...

7.5CVSS5.8AI score0.00062EPSS
Exploits1
Snyk
Snykadded 2026/01/07 8:47 p.m.1 views

Stack-based Buffer Overflow

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the egg-mkfont process. An attacker can cause memory corruption or execute arbitrary code by supplyin...

9.8CVSS8AI score0.00165EPSS
Exploits1References2
vulnersOsv
vulnersOsvadded 2026/01/07 8:47 p.m.2 views

adopt-a-doodle (>=0.0.1 <=0.0.3), bark-simulator (>=0.0.1 <=0.1.0) +105 more potentially affected by CVE-2026-22189 via panda3d (>=1.10.10 <=1.10.9)

panda3d PYPI version =1.10.10, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.1, =0.0.3, =0.1.0, =21.2.0, =22.4.0, =20.12.0, =1.0.0, =0.0.1, =1.0.6, =0.0.2, =0.8.5, =0.8.10 and more Source cves: CVE-2026-22189 Source advisory: SNYK:PYTHON-PANDA3D-14931108...

9.8CVSS5.8AI score0.00165EPSS
Exploits1
Cvelist
Cvelistadded 2026/01/07 8:26 p.m.21 views

CVE-2026-22188 Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

6.9CVSS0.0004EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/01/07 8:26 p.m.3 views

CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

6.9CVSS5.7AI score0.0004EPSS
Exploits1References5
CVE
CVEadded 2026/01/07 8:26 p.m.5 views

CVE-2026-22188

Panda3D up to version 1.10.16 is affected by a DoS due to unbounded stack allocation in the deploy-stub. The deploy-stub allocates argv_copy and argv_copy2 with alloca() based on attacker-controlled argc without validation, which can exhaust stack space and crash the process during Python interpr...

6.9CVSS5.7AI score0.0004EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/07 8:26 p.m.2 views

CVE-2026-22188 Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

6.9CVSS5.7AI score0.0004EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/01/07 8:25 p.m.23 views

CVE-2026-22190 Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...

5.1CVSS0.00062EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/01/07 8:25 p.m.2 views

CVE-2026-22190

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...

7.5CVSS5.7AI score0.00062EPSS
Exploits1References5
Rows per page
Query Builder