Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 4 days ago9 views

CVE-2026-56373

A flaw was found in ImageMagick. This use-after-free vulnerability CWE-416 exists within the PDB Program Database decoder. A remote attacker could exploit this by tricking a user into processing a specially crafted malicious PDB file. This could lead to a denial of service DoS due to application...

6.3CVSS6.1AI score0.0023EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 4:20 p.m.11 views

MGASA-2026-0198 Updated radare2 packages fix security vulnerability

CVE-2026-40499, Command Injection via PDB Parser printgvars...

8.4CVSS5.3AI score0.01184EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.1AI score0.01051EPSS
Exploits1References4
OSV
OSV
added 2026/04/22 9:44 p.m.3 views

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.3AI score0.01051EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/04/15 11:25 p.m.13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

7.8CVSS6.1AI score0.01184EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/15 5:43 a.m.4 views

CVE-2026-40499

A flaw was found in radare2, specifically within the PDB parser's printgvars function. A remote attacker could exploit this vulnerability by crafting a malicious PDB Program Database file. By embedding a newline byte in the PE Portable Executable section header name field, the attacker can inject...

8.4CVSS6AI score0.01184EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/15 2:5 a.m.7 views

EUVD-2026-22826

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.1AI score0.01184EPSS
Exploits1References6
OSV
OSV
added 2026/04/15 2:5 a.m.2 views

CVE-2026-40499 radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.2AI score0.01184EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/25 7:12 p.m.7 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/02/25 7:12 p.m.5 views

Use After Free

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/02/25 7:12 p.m.6 views

Use After Free

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.3CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-32315

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00618EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/03 3:36 p.m.15 views

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1CVSS0.00618EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/03 3:36 p.m.5 views

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1CVSS6.5AI score0.00618EPSS
Exploits0References4
Snyk
Snyk
added 2023/09/12 8:51 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file, when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:51 p.m.5 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file, when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.2...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:5 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:5 p.m.3 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.22...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.17 views

PT-2023-5059 · Microsoft +1 · Visual Studio +2

Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the syste...

9.8CVSS7AI score0.99999EPSS
Exploits19References160
OSV
OSV
added 2018/04/12 1:29 a.m.3 views

CVE-2018-1037

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database PDB files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio...

4.3CVSS5.8AI score0.05881EPSS
Exploits0References3
Rows per page
Query Builder