Lucene search
K

93 matches found

NVD
NVD
added 8 hours ago4 views

CVE-2026-57254

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 10 hours ago4 views

CVE-2026-57254

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS6AI score
Exploits0References2Affected Software2
NVD
NVD
added 2026/06/18 6:16 p.m.12 views

CVE-2026-48985

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal can cause a NULL dereference crash when parsing loginctl output. The function calls popen and reads the result; if the Remote field is only a newline, fgets succeeds...

5.5CVSS0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 9:29 a.m.6 views

SUSE-SU-2026:21981-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

7.7CVSS6AI score0.00308EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/05/19 4:15 p.m.10 views

dnsmasq: extract_addresses() OOB read via malformed rdlen

A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNS response processing. The extractaddresses function trusts the declared record data length rdlen without verifying that a subsequent call to extractname stays within the record boundary. A crafted DNS response with a mismatche...

7.5CVSS5.8AI score0.00933EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017587 advisory. The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509...

5.9CVSS6.7AI score0.07471EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 11:12 p.m.9 views

GHSA-G47V-RWMH-R9F8 eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

6.3CVSS6AI score0.00395EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 1:30 a.m.9 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the MakeTable in the decompression routine when bit-length values from a crafted firmware blob exceed the expected range, leading to stack memory corruption in the Count array and related decode tables. An...

8.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/04/05 12:10 a.m.12 views

OSV-2026-535 Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447433 Crash type: Security exception Crash state: org.htmlunit.cyberneko.HTMLTagBalancer.endElement java.base/sun.nio.cs.CESU8.updatePositions java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/03 9:45 p.m.3 views

GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

6.9CVSS6.1AI score0.00395EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

RHEL 9 : rhc (RHSA-2026:4901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4901 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

10CVSS7.2AI score0.01945EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.6 views

EulerOS 2.0 SP13 : libxslt (EulerOS-SA-2026-1253)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

Fedora 42 : openssl (2026-9bb4c555f1)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9bb4c555f1 advisory. Don't crash on parsing PKCS12 without MAC Resolves: CVE-2025-11187 Resolves: CVE-2025-15467 Resolves: CVE-2025-69419 Tenable has extracted the...

9.8CVSS7AI score0.47621EPSS
Exploits7References4
NVD
NVD
added 2026/01/30 4:16 p.m.23 views

CVE-2026-25128

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...

7.5CVSS0.00559EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/17 12:23 a.m.2 views

SUSE CVE-2025-68281

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...

6.5AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 3:30 p.m.4 views

EUVD-2025-203739

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...

6AI score0.00158EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 3:15 p.m.3 views

UBUNTU-CVE-2025-68281

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...

5.7AI score0.00158EPSS
Exploits0References11
CVE
CVE
added 2025/12/16 2:48 p.m.19 views

CVE-2025-68281

The CVE-2025-68281 entry concerns the Linux kernel ASoC SDCA component. The root cause is a mismatch in the sdca_control structure where the values field is declared as an integer array but memory was allocated as a char array, causing a crash in the sdca_parse_function API. A patch was applied t...

6.2AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2025/12/14 12:14 a.m.3 views

OSV-2025-983 Dynamic-stack-buffer-overflow in _ox_err_set_with_location

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=468138858 Crash type: Dynamic-stack-buffer-overflow READ 1 Crash state: oxerrsetwithlocation readelement oxparse...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.2 views

Ubuntu 16.04 LTS / 18.04 LTS : Raptor vulnerabilities (USN-7869-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7869-1 advisory. Hanno Bck discovered that Raptor incorrectly handled memory operations when processing certain input files. An attacker could possibly use th...

9.3CVSS6.9AI score0.02143EPSS
Exploits2References4
Rows per page
Query Builder