Lucene search
K

2114 matches found

Vulnrichment
Vulnrichment
added 2026/06/05 4:9 p.m.9 views

CVE-2026-48111 GHSL-2026-121 7-Zip UEFI DEPEX OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

4.3CVSS5.4AI score0.00225EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/05 4:9 p.m.6 views

CVE-2026-48111

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

7.1CVSS5.4AI score0.00225EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 4:9 p.m.52 views

CVE-2026-48111

7-Zip versions 9.21–26.00 contain an off-by-one out-of-bounds read in the UEFI DEPEX/PEI DEPEX handling path (ParseDepedencyExpression in UefiHandler.cpp). The code validates an attacker-controlled opcode with > instead of >= against a 10-entry kExpressionCommands array, allowing an opcode ...

7.1CVSS5.4AI score0.00225EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 1:24 p.m.13 views

CVE-2026-50234 Lyrion Music Server 9.2.0 Path Traversal File Read

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/02 10:51 p.m.12 views

EUVD-2026-34051

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.16 views

CVE-2026-0076

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00079EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 p.m.12 views

CVE-2026-10267

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

4.8CVSS0.00121EPSS
Exploits0References9
OSV
OSV
added 2026/06/01 12:0 a.m.7 views

PUB-A-485031572

In iavbparsekeydata of avbrsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00069EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.16 views

PUB-A-481300795

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

6.5CVSS6AI score0.00182EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.30 views

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcpserver/adapters/clitools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

9.6CVSS6AI score0.00619EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/29 2:16 p.m.14 views

CVE-2026-45615

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

8.2CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:35 p.m.13 views

OESA-2026-2509 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

8.8CVSS6.4AI score0.07237EPSS
Exploits4References7
CVE
CVE
added 2026/05/29 10:58 a.m.35 views

CVE-2025-41278

The CVE-2025-41278 entry concerns Nozomi Networks’ Waterfall WF-500 RX Host (version 7.10.0.0 R2601141040). A CWE-125 Out-of-bounds Read vulnerability exists in the RX Host’s handling, enabling code execution on the RX Host by an attacker who has access to the TX Host. The description indicates t...

7.8CVSS6AI score0.0012EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-9953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory v...

6.5CVSS5.4AI score0.00247EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a...

8.3CVSS5.5AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9908

Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00238EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:14 p.m.9 views

CVE-2026-39929

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

5.8AI score0.01403EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/28 8:17 p.m.15 views

EUVD-2026-33019

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 5:20 p.m.20 views

CVE-2026-24196

NVIDIA GPU Display Driver for Linux contains a vulnerability (CVE-2026-24196) that could allow an out-of-bounds read, potentially leading to denial of service and information disclosure. Affected product: NVIDIA Linux display driver; root cause: out-of-bounds read in the driver. Impact: denial of...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:30 a.m.44 views

CVE-2026-9530 GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read2004compressedsection of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made...

4.8CVSS0.00143EPSS
Exploits0References7
Rows per page
Query Builder