Lucene search
+L

615 matches found

RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References2
Rockylinux
Rockylinux
added 3 days ago5 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

8.7CVSS6.1AI score0.00553EPSS
Exploits0
OSV
OSV
added 4 days ago4 views

JLSEC-2026-707 Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a...

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

9.8CVSS6.2AI score0.00471EPSS
Exploits1References6
OSV
OSV
added 4 days ago5 views

GHSA-Q3FV-X8VG-QQM4 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Summary When Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to b...

8.7CVSS6.1AI score0.0025EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-62184 luci-app-banip Log Monitor IP Extraction Bypass

luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP...

8.7CVSS0.00445EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/10 3:35 a.m.5 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:21 a.m.7 views

CVE-2026-12590

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score0.0025EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55931

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read rgb 16 rle. read rgb 16 rle guards each literal run with if count data left, but count is a pixel count while every 16-bit sample consumes two bytes. T...

7.1CVSS6AI score0.00136EPSS
Exploits0References5
OSV
OSV
added 2026/07/03 6:29 p.m.4 views

CVE-2026-58379 Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.7AI score0.00233EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-20217

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...

7.5CVSS0.00389EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:28 p.m.8 views

EUVD-2026-41083

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

7.5CVSS6AI score0.00389EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/01 4:27 p.m.6 views

CVE-2026-20216

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

7.5CVSS7.1AI score0.00389EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40745

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 6:47 p.m.5 views

GHSA-4W5W-4FHM-Q483 Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge

Summary A memory-safety vulnerability in Open Babel's MOL2 file format parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in OBAtom::SetFormalCharge as called from the MOL2 parser. A malformed atom record caused the parser to call the method on a NULL...

5.5CVSS6.1AI score0.007EPSS
Exploits1References10
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References8
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.9 views

radvdump's Route Information Option Parser has a Stack Buffer Overflow

...

8.8CVSS5.8AI score0.00203EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/24 5:45 p.m.6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

7.5CVSS6AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 11:54 p.m.48 views

CVE-2026-10651 Out-of-bounds read in Bluetooth Classic SDP attribute parsing (`bt_sdp_parse_attribute`)

btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...

7.1CVSS0.00183EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 4:37 p.m.4 views

CVE-2026-54277 AIOHTTP: C HTTP Parser Bypasses max_line_size for Fragmented Lines

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder