Lucene search
K

10150 matches found

CVE
CVE
added yesterday7 views

CVE-2026-57433

CVE-2026-57433 affects Storable versions before 3.41 for Perl. A crafted SX_HOOK record can trigger a signed 32-bit overflow during deserialization: retrieve_hook_common reads a 32-bit count, adds one, and counting up to I32_MAX wraps to a negative value; this causes av_extend to receive a negati...

6.2AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-54063

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.00575EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.00575EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42937

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References4
CVE
CVE
added 4 days ago15 views

CVE-2026-59162

The CVE concerns the Go-based Excelize library (v2.x) where, prior to 2.11.0, shared-string cell values could be indexed with -1, causing a panic in GetCellValue and GetRows. The issue stems from parsing shared-strings with strconv.Atoi and only an upper bound check before indexing the sharedStri...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS0.00524EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago4 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS6AI score0.00394EPSS
Exploits0References8
OSV
OSV
added last week7 views

GO-2026-5764 DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream

DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added last week8 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 11:17 a.m.3 views

OPENSUSE-SU-2026:21230-1 Security update for keybase-client

This update for keybase-client fixes the following issues: Changes in keybase-client: - CVE-2026-46604: TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset bsc1269600 - Update to version 6.6.3 Various bug fixes...

7.5CVSS6AI score0.00346EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 8:26 p.m.2 views

GHSA-63WG-WJJJ-7CP8 Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node listens on the default :: address on a Linux host the standard deployment configuration — net.ipv6.bindv6only=0 is the default on all common Linux distributions. 3. Your node is synced near the chain tip...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/07/02 7:37 p.m.4 views

GHSA-C8W6-X74F-VMG3 zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your zebrad.toml sets rpc.listenaddr to a TCP address RPC server is enabled. 3. An attacker can authenticate to the RPC endpoint. With the default enablecookieauth = true, this requires the attacker to read the...

6.5CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/07/02 7:28 p.m.6 views

GHSA-QV2R-V3MX-F4PF zebrad has full node denial of service via non-ASCII LongPollId in getblocktemplate

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your zebrad.toml sets rpc.listenaddr to a TCP address RPC server is enabled. 3. An attacker can authenticate to the RPC endpoint. With the default enablecookieauth = true, this requires the attacker to read the...

6.5CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/02 10:12 a.m.16 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-20243

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...

7.5CVSS7AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 7:34 p.m.33 views

CVE-2026-54908 Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:34 p.m.20 views

CVE-2026-54908

CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.

6.3CVSS5.8AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.7 views

CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS0.00362EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 2:28 p.m.8 views

CVE-2026-53432

A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service DoS. A local user...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References6
Rows per page
Query Builder