Lucene search
K

117 matches found

F5 Networks
F5 Networks
added 2026/06/30 3:45 p.m.6 views

K000161969: Go vulnerability CVE-2025-58189

Security Advisory Description When Conn.Handshake fails during Application-Layer Protocol Negotiation ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. CVE-2025-58189 Impact An attacker may be able to inject controlled...

5.3CVSS6.5AI score0.00443EPSS
Exploits0Affected Software3
RedHat Linux
RedHat Linux
added 2026/06/23 8:1 p.m.9 views

libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS6.1AI score0.00205EPSS
Exploits1References4
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 9:55 p.m.9 views

EEF-CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex,...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 1:18 a.m.8 views

MAL-2026-4443 Malicious code in @shinzepelly/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957954ced5e6fb2e8ab6a666adf496ca2edc7575a4e202b593d6698b5d89809f Package impersonates the legitimate libsignal-node library description copied verbatim: "Open Whisper Systems' libsignal for Node.js" under an...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/14 8:17 p.m.9 views

DEBIAN-CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 8:17 p.m.11 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS0.0016EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.10 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:17 p.m.18 views

UBUNTU-CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/14 8:2 p.m.33 views

CVE-2026-44637 libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS0.0016EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:2 p.m.7 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/14 8:2 p.m.20 views

CVE-2026-44637

CVE-2026-44637 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in the parser’s image-buffer doubling loop (sixel_decode_raw_impl) occurs as context->pos_x is incremented by repeat_count with no upper bound check. When pos_x nears INT_MAX, pos_x + repeat_count overflows sign...

7.1CVSS6AI score0.0016EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/05/14 8:2 p.m.10 views

CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/14 8:2 p.m.16 views

CVE-2026-44637 libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-41033

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel decode raw impl. context-pos x grows by repeat count on every sixel characte...

7.1CVSS6AI score0.0016EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:20 p.m.16 views

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

6.2CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit...

9.8CVSS5.5AI score0.00314EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/09 10:35 p.m.5 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00393EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/06 4:17 p.m.5 views

CVE-2026-34778

A flaw was found in Electron, a framework for building desktop applications. A service worker running in a session could spoof reply messages on the internal Inter-Process Communication IPC channel. This vulnerability affects applications that have service workers registered and use the results o...

6.5CVSS5.8AI score0.00123EPSS
Exploits0References4
OSV
OSV
added 2026/04/03 2:44 a.m.3 views

GHSA-XJ5X-M3F3-5X3H Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

5.9CVSS6AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder