Lucene search
K

1159 matches found

Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.10 views

PT-2026-34769

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply patch, remove, and mkdir operations to manipulate files between validation and executio...

5CVSS5.8AI score0.00088EPSS
Exploits0References5
OSV
OSV
added 2026/04/21 9:45 a.m.5 views

CLSA-2026-1776764746 libxslt: Fix of CVE-2021-30560

CVE-2021-30560: fix use-after-free in xsltApplyTemplates...

8.8CVSS6.8AI score0.21623EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:25 p.m.2 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

8.8CVSS6.2AI score0.00994EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:19 p.m.3 views

CVE-2026-34554

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow HBO in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...

6.2CVSS5.7AI score0.00159EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:19 p.m.28 views

CVE-2026-34554 iccDEV: HBO in CIccApplyCmmSearch::costFunc()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow HBO in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...

6.2CVSS0.00159EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 10:19 p.m.3 views

CVE-2026-34554 iccDEV: HBO in CIccApplyCmmSearch::costFunc()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow HBO in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...

6.2CVSS5.7AI score0.00159EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:5 p.m.1 views

CVE-2026-34542

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/31 10:5 p.m.12 views

CVE-2026-34542

CVE-2026-34542 affects iccDEV before version 2.3.1.6, where a crafted ICC profile can trigger a stack-buffer-overflow in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer this appears as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, ...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:5 p.m.20 views

CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

6.2CVSS0.00156EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 10:5 p.m.4 views

CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29399

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow HBO in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...

6.2CVSS5.7AI score0.00159EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.9 views

PT-2026-29390

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:10 a.m.10 views

CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

7.5CVSS5.9AI score0.0079EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-31793

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence causing denial of service. This vulnerability is fixed in 2.3.1.5...

5.5CVSS5.8AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31795

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5...

7.8CVSS6AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 5:28 p.m.19 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/24 5:28 p.m.5 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 5:28 p.m.5 views

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/24 4:57 p.m.5 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the ConfigSyncController process. An attacker can perform unauthorized configuration synchronization operations by sending crafted requests to endpoints such as...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 2:19 p.m.22 views

MAL-2026-2112 Malicious code in apply-hive-table (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

5.9AI score
Exploits0References5
Rows per page
Query Builder