Lucene search
K

2114 matches found

CVE
CVE
added 2026/05/12 3:14 p.m.144 views

CVE-2026-41284

CVE-2026-41284 describes an unbounded read vulnerability in WebDAV LOCK and PROPFIND handling in Apache Tomcat. Affected ranges include Tomcat 11.0.0-M1–11.0.21, 10.1.0-M1–10.1.54, and 9.0.0.M1–9.0.117 (older, unsupported versions may also be affected). The issue is triggered by a resource alloca...

7.5CVSS5.7AI score0.0078EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 8:49 p.m.8 views

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/11 7:5 p.m.16 views

CVE-2026-33857

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 4:47 p.m.39 views

CVE-2026-4891 CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

0.06226EPSS
Exploits0References6
OSV
OSV
added 2026/05/09 12:33 p.m.12 views

OESA-2026-2255 libvncserver security update

libvncserver is a set of programs using the RFB Remote Frame Buffer protocol. They are designed to "export" a frame buffer via net: you set up a server and can connect to it via VNC viewers. If the server supports WebSockets which LibVNCServer does, you can also connect using an in-browser VNC...

8.1CVSS5.9AI score0.05322EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.7 views

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

5.5CVSS5.4AI score0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.10 views

EUVD-2026-28166

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS5.8AI score0.00253EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 9:31 p.m.8 views

EUVD-2026-27975

Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 8:16 p.m.7 views

CVE-2026-43577

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

7.1CVSS0.00253EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 6:18 p.m.5 views

SUSE-SU-2026:21581-1 Security update for libtpms

This update for libtpms fixes the following issues: - CVE-2025-49133: Fixed potential out of bounds OOB read vulnerability bsc1244528. - CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector IV handling bsc1260439...

5.9CVSS7.1AI score0.00135EPSS
Exploits1References5
OSV
OSV
added 2026/05/06 6:18 p.m.8 views

SUSE-SU-2026:21571-1 Security update for libtpms

This update for libtpms fixes the following issues: - CVE-2025-49133: Fixed potential out of bounds OOB read vulnerability bsc1244528. - CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector IV handling bsc1260439...

5.9CVSS7.1AI score0.00135EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38021

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux parse svq3 stsd data function within qtdemux.c. In the FOURCC SMI case, seqh size is read from the input file without proper validation. If seqh size is greater than the...

7.5CVSS6.6AI score0.01134EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37819

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst wavparse smpl chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer...

9.1CVSS6.7AI score0.01161EPSS
Exploits0References6
OSV
OSV
added 2026/05/05 8:39 a.m.7 views

BIT-APACHE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

WordPress plugin Forminator 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00773EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 6:30 p.m.8 views

GHSA-WMVJ-F67G-QG4G GoBGP has an out-of-bounds read in the ParseIP6Extended function

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/04 4:29 p.m.12 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the FBXConverter::ConvertMeshMultiMaterial process. An attacker can cause the application to crash or become unresponsive by submitting specially crafted input files. Remediation There is no fixed version for...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:58 a.m.15 views

OESA-2026-2196 python-nbconvert security update

The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers...

7.1CVSS6.2AI score0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 4:16 p.m.8 views

DEBIAN-CVE-2026-42480

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References1
Rows per page
Query Builder