Lucene search
K

864 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-56877

The SCORM lab launch endpoint in Skillable scorm.skillable.com through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consum...

6.3CVSS0.0041EPSS
Exploits0References4
OSV
OSV
added 5 days ago2 views

CVE-2026-55781 NanaZip: Unbounded memory allocation (DoS) in NanaZip UFS parser via unvalidated fs_bsize/fs_fsize superblock fields

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 1:16 p.m.2 views

DEBIAN-CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 1:16 p.m.9 views

CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS0.00394EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 11:34 a.m.6 views

BIT-PILLOW-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/07 9:48 p.m.8 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.36 views

CVE-2026-21379 Buffer Over-read in Windows Compute

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS0.0007EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.6 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-335 ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

9.8CVSS6.6AI score0.00593EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/26 9:1 p.m.12 views

Scriban: array * int (ScriptArray<T>.TryEvaluate) bypasses LoopLimit — incomplete fix for GHSA-c875-h985-hvrc, missed sibling of GHSA-24c8-4792-22hx

Summary The array multiplication operator array integer in Scriban allocates a result whose size is the product of the attacker-controlled integer and the array length, with no LoopLimit / LimitToString check and no overflow-safe arithmetic. A 40-byte template forces a multi-gigabyte allocation,...

5.8AI score
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/25 9:26 p.m.8 views

CVE-2026-52973

A flaw was found in the Linux kernel's futex subsystem. The needfutexhashallocatedefault function incorrectly relies on CLONETHREAD semantics, which can lead to non-concurrency issues when memory allocations mm-futexref pcpu allocations are shared across CLONEVM clones, excluding vfork. This can...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 7:36 p.m.11 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53037

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...

5.5CVSS0.00176EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-52959

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...

7.8CVSS0.00093EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53065

CVE-2026-53065 affects the Linux kernel ASoC: sti driver. The issue is that regmap_field objects allocated at player init were never freed, potentially leaking resources when the driver is removed. The remediation is to switch to devm_regmap_field_alloc() , which ties the lifetimes of the allocat...

5.7AI score0.00172EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:30 p.m.2 views

CVE-2026-53065 ASoC: sti: use managed regmap_field allocations

In the Linux kernel, the following vulnerability has been resolved: ASoC: sti: use managed regmapfield allocations The regmapfield objects allocated at player init are never freed and may leak resources if the driver is removed. Switch to devmregmapfieldalloc to automatically limit the lifetime o...

5.8AI score0.00172EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53037 HID: usbhid: fix deadlock in hid_post_reset()

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix deadlock in hidpostreset You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset and hidpostreset are in the...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.29 views

CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

7.8CVSS0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:28 p.m.14 views

CVE-2026-52959

The CVE-2026-52959 issue affects the Linux kernel SEV guest module. During an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer for a host certificate blob and stores its size in report_req-&gt;certs_len. The host may return SNP_GUEST_VMM_ERR_INVALID_LEN ...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder