Lucene search
+L

712 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Vim < 9.2.0450 Heap Buffer Overflow (GHSA-q4jv-r9gj-6cwv)

The version of Vim installed on the remote host is prior to 9.2.0450. It is, therefore, affected by a vulnerability as referenced in the GHSA-q4jv-r9gj-6cwv advisory. - An integer overflow in the readcompound function within src/spellfile.c produces a heap buffer overflow when processing maliciou...

6.6CVSS6AI score0.00248EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.23 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
OSV
OSV
added 2026/05/13 4:48 p.m.7 views

CLSA-2026-1778690918 exim: Fix of CVE-2026-40686

CVE-2026-40686: out-of-bounds read in the GETUTF8INC macro in src/expand.c when processing malformed UTF-8 in expansion operators with utf8 enabled, potentially disclosing heap data via SMTP rejection messages...

5.3CVSS6AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.50 views

CVE-2026-44288

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 2:37 p.m.2 views

CVE-2026-44288 protobufjs: Overlong UTF-8 decoding

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS5.9AI score0.00301EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 2:37 p.m.29 views

CVE-2026-44288

CVE-2026-44288 affects protobufjs: prior to versions 7.5.6 and 8.0.2, its minimal UTF-8 decoder accepted overlong UTF-8 byte sequences and decoded them to canonical characters instead of replacing them. If an attacker supplies protobuf binary data decoded through that path, downstream checks that...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/13 8:5 a.m.13 views

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

...

7.5CVSS5.8AI score0.00629EPSS
Exploits0
Snyk
Snyk
added 2026/05/12 3:0 p.m.12 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious sequences that decode to canonical characters. This is only...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 3:0 p.m.9 views

Improper Handling of Unicode Encoding

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.8 views

node-ral (=0.17.0), protobufjs (=6.1.0) +1 more potentially affected by CVE-2026-44288 via @protobufjs/utf8 (>=1.0.1 <=1.1.0)

@protobufjs/utf8 NPM version =1.0.1, =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/utf8 and may be impacted: - node-ral =0.17.0 - protobufjs =6.1.0 - protobufjs-mod =6.8.2 Source cves: CVE-2026-44288 Source advisory:...

5.3CVSS5.8AI score0.00301EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/12 3:0 p.m.10 views

NPM: protobufjs has overlong UTF-8 decoding

NPM: protobufjs has overlong UTF-8 decoding vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:0 p.m.25 views

protobufjs has overlong UTF-8 decoding

Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40534

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths that accepts overlong UTF-8 byte sequences—sequences that use more bytes...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/11 2:17 p.m.14 views

SUSE CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

8.2CVSS5.8AI score0.00629EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.11 views

SUSE CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6CVSS5.9AI score0.00248EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: screen (UTSA-2026-017641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017641 advisory. encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and application crash or possibly have unspecified...

9.8CVSS5.9AI score0.09147EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-8177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name...

7.5CVSS6.1AI score0.00629EPSS
Exploits0References4
OSV
OSV
added 2026/05/10 9:16 p.m.5 views

DEBIAN-CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.8AI score0.00629EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/10 8:48 p.m.9 views

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

5.8AI score0.00629EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/10 8:48 p.m.11 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.8AI score0.00629EPSS
Exploits0
Rows per page
Query Builder