Lucene search
K

9227 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-53877

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-53877 Heap buffer over-read in GDALRaster

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS0.00291EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56196

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...

7.5CVSS6.2AI score0.62575EPSS
Exploits0References80
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 5:40 a.m.3 views

BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...

7.5CVSS5.8AI score0.00448EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 6:2 p.m.34 views

CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS0.00665EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 6:2 p.m.31 views

CVE-2026-47220

The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:1 p.m.6 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 6:1 p.m.19 views

CVE-2026-47205

CVE-2026-47205 affects Envoy’s ext_authz HTTP filter. From 1.36.0 through 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) occurs when processing per-route authorization overrides concurrently with rapid downstream disconnects. The vulnerable flow creates a transient per-route client and reallo...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/26 4:16 p.m.13 views

CVE-2026-21734

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 3:14 p.m.31 views

CVE-2026-21734 GPU DDK - libusc OOB write at TreeRemove during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 3:14 p.m.7 views

EUVD-2026-39785

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS5.8AI score0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:14 p.m.7 views

CVE-2026-21734

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS5.8AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52841

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A GPU shader compiler library contains a flaw where loading a web page with unusual GPU shader code can trigger an out-of-bounds write. This occurs during an edg...

7.7CVSS5.8AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 3:16 p.m.9 views

CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS0.00312EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in libde265

strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault due to the component decodercontext::computeframedroptable...

6.2CVSS5.7AI score0.00159EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fixed regmap maxregister The maxregister field is assigned the size of the register memory region, rather than the offset of the last register. As a result, reading from the regmap via debugfs can cause a...

5.8AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in taglib

TagLib before version 2.0 allows a segmentation violation and causes the application to crash during tag writing when a crafted WAV file is used, in which the id3 chunk is the only valid chunk...

7.1CVSS5.2AI score0.00257EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in PostgresSQL-15

Integer wraparound in several PostgreSQL libpq client library functions allows an application’s input provider or network peer to cause libpq to undersize allocations and write out-of-bounds data, involving hundreds of megabytes. This leads to a segmentation fault in the application that uses...

5.9CVSS6.7AI score0.00332EPSS
Exploits0References3
Rows per page
Query Builder