Lucene search
+L

182 matches found

euvd
euvd
added 3 days ago5 views

EUVD-2026-43563

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References4
attackerkb
attackerkb
added 4 days ago2 views

CVE-2026-62184

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/09 8:33 p.m.9 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score0.0025EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/07/09 8:21 p.m.9 views

CVE-2026-15308

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS5.8AI score0.00553EPSS
Exploits0References10
debiancve
debiancve
added 2026/07/06 1:58 p.m.4 views

CVE-2026-58380

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.8CVSS6.3AI score0.00216EPSS
Exploits1
nessus
nessus
added 2026/07/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-58379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code...

7.3CVSS6.5AI score0.00233EPSS
Exploits0References3
osv
osv
added 2026/07/03 7:24 p.m.2 views

SUSE-SU-2026:2755-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.9AI score0.00175EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/07/03 8:28 a.m.9 views

CVE-2026-9563

A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...

7.5CVSS6AI score0.00366EPSS
Exploits0References8
nessus
nessus
added 2026/07/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-20216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device...

7.5CVSS6.9AI score0.00389EPSS
Exploits0References3
redhat
redhat
added 2026/07/01 6:55 p.m.2 views

js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
euvd
euvd
added 2026/07/01 4:27 p.m.9 views

EUVD-2026-41081

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References1
redhat
redhat
added 2026/06/30 10:56 p.m.2 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.4AI score0.00358EPSS
Exploits1References7
debiancve
debiancve
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13977

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00171EPSS
Exploits0
nvd
nvd
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS0.00348EPSS
Exploits0References4
osv
osv
added 2026/06/10 10:16 p.m.8 views

UBUNTU-CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References6
osv
osv
added 2026/06/10 2:52 p.m.8 views

OPENSUSE-SU-2026:20934-1 Security update for xdg-dbus-proxy

This update for xdg-dbus-proxy fixes the following issue: - CVE-2026-34080: failure in the policy parser can lead to information disclosure bsc1261737...

6.8CVSS5.4AI score0.00175EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/10 9:10 a.m.45 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

0.00269EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.16 views

PT-2026-48397

Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...

6.5CVSS6AI score0.00269EPSS
Exploits0References12
nessus
nessus
added 2026/06/06 12:0 a.m.14 views

EulerOS Virtualization 2.13.0 : gdb (EulerOS-SA-2026-2164)

According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the componen...

7.8CVSS5.5AI score0.00667EPSS
Exploits6References7
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.8 views

CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

5.5CVSS5.4AI score0.00162EPSS
Exploits1References1
Rows per page
Query Builder