Lucene search
K

882 matches found

UbuntuCve
UbuntuCve
added 2026/04/10 2:16 p.m.12 views

CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

7.5CVSS6.3AI score0.00357EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 2:16 p.m.4 views

UBUNTU-CVE-2026-6068

NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code executi...

9.6CVSS6.3AI score0.00414EPSS
Exploits1References3
CVE
CVE
added 2026/04/10 1:30 p.m.21 views

CVE-2026-6067

The CVE-2026-6067 entry concerns the Netwide Assembler (NASM). A heap buffer overflow is caused by insufficient bounds checking in the obj_directive() function. An attacker could exploit this by assembling a malicious .asm file, leading to heap memory corruption, crash (DoS), or arbitrary code ex...

7.5CVSS6.3AI score0.00357EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

Bugsink 输入验证错误漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Version 2.1.0 of Bugsink contains a vulnerability related to input validation. This vulnerability stems from an authentication-related file writing issue during the package assembly process. It may allow users with...

7.1CVSS5.8AI score0.00299EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

LLM4CodeRE: Generative AI for Code Decompilation Analysis and Reverse Engineering

Code decompilation analysis is a fundamental yet challenging task in malware reverse engineering, particularly due to the pervasive use of sophisticated obfuscation techniques. Although recent large language models LLMs have shown promise in translating low-level representations into high-level...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/28 12:0 p.m.6 views

CVE-2017-20228 Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

8.6CVSS6.6AI score0.00219EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/03/26 5:22 p.m.6 views

com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.5 <=4.1.0), dev.vality:shared-resources (>=4.0.0-alpha1 <=4.0.0-alpha4) +1 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=2.15.0 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =2.15.0, =3.8.5, =4.0.0-alpha1, =2.5.12, =2.6.4-hadoop3 Source cves: CVE-2026-33701 Source advisory: SNYK:JAVA-IOOPENTELEMETRYJAVAAGENT-15857172...

9.8CVSS5.8AI score0.00933EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

PX4-Autopilot 安全漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from tattucan’s use of unbounded memory copying during its multi-frame assembly cycle, which could lead to stack...

6.1CVSS5.8AI score0.0027EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2026/03/13 9:31 p.m.6 views

org.apache.livy:livy-assembly (>=0.7.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.7.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-60012 via org.apache.livy:livy-server (>=0.7.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-60012 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15674462...

6.3CVSS5.8AI score0.00488EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/13 9:31 p.m.9 views

org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: OSV:GHSA-H84F-4FF9-8HC3...

6.3CVSS5.8AI score0.00597EPSS
Exploits0
CVE
CVE
added 2026/03/13 9:18 p.m.24 views

CVE-2026-32707

CVE-2026-32707 affects PX4 Autopilot with the tattu_can module. A stack buffer overflow results from an unbounded memcpy in the multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In affected deployments where tattu_can is enabled, a CAN-injection cap...

6.1CVSS5.8AI score0.0027EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:18 p.m.33 views

CVE-2026-32707 PX4 autopilot has a stack buffer overflow in tattu_can due to unbounded memcpy in frame assembly loop

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattucan contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattucan is enabled and running, a CAN-injection-capable...

5.2CVSS0.0027EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2026/03/13 4:47 p.m.6 views

org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15520260...

6.3CVSS5.8AI score0.00597EPSS
Exploits0
OSV
OSV
added 2026/03/09 7:19 p.m.6 views

MGASA-2026-0053 Updated thunderbird packages fix security vulnerabilities

Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...

10CVSS5.8AI score0.00604EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 10:59 p.m.5 views

CLSA-2026-1772146785 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

7.5CVSS6.6AI score0.00679EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 10:25 a.m.7 views

CLSA-2026-1772101499 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

7.5CVSS7.1AI score0.00679EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 10:21 a.m.6 views

CLSA-2026-1772101256 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

7.5CVSS7.1AI score0.00679EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 3:17 p.m.8 views

GHSA-3288-P39F-RQPV Unsoundness in opt-in ARMv8 assembly backend for `keccak`

Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...

2.1CVSS5.6AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/19 3:17 p.m.11 views

Unsoundness in opt-in ARMv8 assembly backend for `keccak`

Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...

5.5AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/14 1:26 a.m.4 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS6.1AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder