Lucene search
+L

977 matches found

osv
osv
added 2026/05/14 10:27 a.m.4 views

CVE-2026-8295 Integer overflow in simdjson

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "stringbuilder::escapeandappend" when processing very large input strings on platforms with limited "sizet" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

6.9CVSS6.1AI score0.00279EPSS
Exploits0References5
osv
osv
added 2026/05/13 9:34 a.m.7 views

OPENSUSE-SU-2026:20747-1 Security update for ImageMagick

This update for ImageMagick fixes the following issue - CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images bsc1259528...

5.7CVSS6AI score0.00093EPSS
Exploits0References2
redhat
redhat
added 2026/05/13 6:48 a.m.9 views

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

7.5CVSS5.8AI score0.00346EPSS
Exploits1References6
redhat
redhat
added 2026/05/13 1:5 a.m.10 views

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

7.5CVSS5.8AI score0.00346EPSS
Exploits1References6
redhat
redhat
added 2026/05/12 11:28 p.m.48 views

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

7.5CVSS5.8AI score0.00346EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.13 views

Microsoft Windows Kernel 安全漏洞

The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities present in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are...

7.8CVSS5.8AI score0.0031EPSS
Exploits0References1
redhat
redhat
added 2026/05/11 11:0 a.m.15 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
redhat
redhat
added 2026/05/11 8:53 a.m.10 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
nessus
nessus
added 2026/05/11 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: redis (UTSA-2026-017631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017631 advisory. Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could b...

8.8CVSS7.3AI score0.047EPSS
Exploits0References4
susecve
susecve
added 2026/05/09 2:43 a.m.15 views

SUSE CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/08 11:7 a.m.14 views

CVE-2026-37540

A flaw was found in OpenAMP. An integer overflow vulnerability exists in the ELF loader's firmware image parsing, specifically within elfloader.c. This flaw occurs when multiplying two attacker-controlled 16-bit values from the ELF header without proper overflow checking. On 32-bit embedded...

9.8CVSS6AI score0.00253EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.17 views

PT-2026-39066

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where the ceph monmap decode function uses signed int variables for blob len and num mon. Because these variables are intended to hold non-negati...

7.5CVSS7.2AI score0.0049EPSS
Exploits0
nessus
nessus
added 2026/05/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadm...

5.5CVSS6.1AI score0.00126EPSS
Exploits0References2
euvd
euvd
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27785

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

5.7AI score0.00126EPSS
Exploits0References4
osv
osv
added 2026/05/06 11:28 a.m.3 views

CVE-2026-43224 io_uring/zcrx: fix sgtable leak on mapping failures

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.12 views

PT-2026-37564

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the io uring/zcrx component. Specifically, when the io populate area dma function fails on a PAGE POOL 32BIT ARCH WITH 64BIT DMA machine, the io zcrx map area...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 6:16 p.m.6 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 10:38 a.m.20 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 8:41 a.m.20 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
cve
cve
added 2026/05/01 12:0 a.m.9 views

CVE-2026-42485

CVE-2026-42485 affects AGL agl-service-can-low-level, specifically the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH) via memcpy at an offset of 1+pid_length, caus...

7.5CVSS6AI score0.00314EPSS
Exploits0References2
Rows per page
Query Builder