Lucene search
K

1761 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Raptor2

A malformed input file can lead to a segfault due to an out of bounds array access in raptorxmlwriterstartelementcommon...

6.5CVSS6.4AI score0.02143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Nasm

In Netwide Assembler NASM 2.15rc10, the SEGV condition can be triggered in toktext within asm/preproc.c by accessing the READ memory...

5.5CVSS5.6AI score0.00741EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe,...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 7:16 p.m.30 views

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS0.00301EPSS
Exploits1References1
CVE
CVE
added 2026/05/19 7:3 p.m.30 views

CVE-2026-32738

libheif (versions

6.5CVSS5.7AI score0.00301EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/16 12:5 p.m.5 views

CLSA-2026-1778933151 Fix CVE(s): CVE-2025-11082, CVE-2025-5244, CVE-2025-5245

SECURITY UPDATE: memory corruption in ld via fuzzed object - debian/patches/CVE-2025-5244.patch: check for empty groups in elfgcsweep to prevent NULL pointer dereference - CVE-2025-5244 SECURITY UPDATE: SEGV in objdump function debugtypesamep - debian/patches/CVE-2025-5245.patch: handle NULL...

7.8CVSS6.2AI score0.00235EPSS
Exploits3References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:8 p.m.17 views

CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 6:16 p.m.23 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS0.00154EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 5:24 p.m.44 views

CVE-2026-43896 jq: Stack Overflow in Recursive Object Merge

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS0.00154EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 5:24 p.m.13 views

EUVD-2026-29174

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:24 p.m.10 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/11 5:24 p.m.30 views

CVE-2026-43896

CVE-2026-43896 (jq) : In jq versions 1.8.1 and earlier, unbounded recursion in the function jv_object_merge_recursive() can cause a crafted jq program to crash the process with a segfault when using the object operator (*) on two objects. Affected component is the jq JSON processor; the vulnerabi...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/11 5:24 p.m.11 views

CVE-2026-43896

jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/11 12:0 p.m.14 views

CVE-2026-5172

A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...

7.3CVSS6AI score0.00933EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 12:0 p.m.7 views

UBUNTU-CVE-2026-5172

A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...

7.5CVSS6AI score0.00933EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a...

6.2CVSS6AI score0.00154EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/05/10 3:42 a.m.15 views

CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017386 advisory. DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemuxinflate function which causes a segfault, or could...

7.8CVSS5.9AI score0.00437EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.14 views

EUVD-2026-28582

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...

5.8AI score0.00123EPSS
Exploits0References8
NVD
NVD
added 2026/05/08 2:16 p.m.11 views

CVE-2026-43312

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647initcontrols we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit in the probe, which currently happens after initcontrols. This can result in a...

5.5CVSS0.00123EPSS
Exploits0References7
Rows per page
Query Builder