Lucene search
+L

1543 matches found

ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-57886

Name of the Vulnerable Software and Affected Versions luci-app-banip versions 0 through 0.11.1 Description A log parsing flaw exists where the awk-based parser extracts the first IPv4 address from log lines regardless of its field position. This allows an unauthenticated remote attacker to inject...

8.7CVSS6.2AI score0.00445EPSS
Exploits0References5
euvd
euvd
added 6 days ago9 views

EUVD-2026-42818

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits1References1
osv
osv
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2859 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 4:27 p.m.6 views

CVE-2026-20214

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...

7.5CVSS6AI score0.00463EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 5:16 p.m.9 views

CVE-2026-49451

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS0.00695EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 4:1 p.m.33 views

CVE-2026-49451 Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS0.00695EPSS
Exploits0References1
osv
osv
added 2026/06/26 4:51 p.m.5 views

CVE-2026-33646 mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS6.2AI score0.00685EPSS
Exploits0References3
euvd
euvd
added 2026/06/25 1:32 p.m.8 views

EUVD-2026-39396

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
osv
osv
added 2026/06/23 10:2 p.m.5 views

PSF-2026-31

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
osv
osv
added 2026/06/23 6:18 p.m.4 views

UBUNTU-CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS5.8AI score0.0011EPSS
Exploits0References3
nessus
nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-111 (ALASNITRO-ENCLAVES-2026-111)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-111 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-256...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
nessus
nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
osv
osv
added 2026/06/21 5:16 p.m.5 views

UBUNTU-CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS5.8AI score0.00105EPSS
Exploits0References3
ubuntu
ubuntu
added 2026/06/09 4:29 p.m.12 views

USN-8409-1: uriparser vulnerability

It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...

2.9CVSS5.5AI score0.00122EPSS
Exploits0
snyk
snyk
added 2026/06/09 12:0 a.m.7 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improperly configured XML parsing in the PrettyPrintingContentModifier and XmlContentHandler classes, in PrettyPrintingContentModifier.java and payload/XmlContentHandler.java. When the...

6CVSS5.7AI score0.00223EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2026/06/08 12:0 a.m.4 views

The vulnerabilities of the functions ParseAddress(), ParseAddressList(), and ParseDate() in the Go programming language allow a hacker to cause a service failure.

The vulnerability of the ParseAddress, ParseAddressList, and ParseDate functions in the Go programming language is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.00784EPSS
Exploits0References6Affected Software2
nessus
nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1771)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1771 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References16
osv
osv
added 2026/06/05 3:18 p.m.9 views

JLSEC-2026-574

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.2AI score0.00302EPSS
Exploits1References2
osv
osv
added 2026/06/05 12:16 p.m.9 views

SUSE-SU-2026:2285-1 Security update for yq

This update for yq fixes the following issues: - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267053. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels...

9.6CVSS5.6AI score0.00478EPSS
Exploits0References9
Rows per page
Query Builder