Lucene search
K

2474 matches found

Cvelist
Cvelist
added 2026/06/11 6:15 p.m.37 views

CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:15 p.m.8 views

CVE-2026-53701 Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gsth266parserparsepicturepartition gsth266parser.c, the loop iterates without checking that the slice index stays within bounds, writin...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 6:15 p.m.17 views

EUVD-2026-36294

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gsth266parserparsepicturepartition gsth266parser.c, the loop iterates without checking that the slice index stays within bounds, writin...

6.5CVSS5.5AI score0.00206EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 11:54 a.m.75 views

-cybersec-bad-folio

cy...

5.4AI score
Exploits0
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability, which stems from the multiple slice processing loop in the gsth266 parser’s gsth266parserparsepicturepartition function. This loop does not check whether the slice index exceeds the boundary. When...

6.5CVSS5.6AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability. This vulnerability stems from the H.265 codec parser library using incorrect loop boundaries when parsing SEI messages during the buffer period. As a result, the CPB values allocated for the stack...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 11:16 p.m.5 views

DEBIAN-CVE-2026-53463

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...

4.3CVSS5.4AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.16 views

CVE-2026-53463

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...

4.3CVSS0.00187EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

NULL Pointer Dereference

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.9 views

NULL Pointer Dereference

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

NULL Pointer Dereference

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:5 p.m.9 views

CVE-2026-53463 ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...

4.3CVSS5.4AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:5 p.m.2 views

CVE-2026-53463 ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...

4.3CVSS5.9AI score0.00187EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 4:46 p.m.16 views

Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

7.5CVSS5.5AI score0.00384EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49848

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 8:41 a.m.9 views

CVE-2026-28262

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...

6CVSS5.4AI score0.00095EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/06/05 12:11 p.m.11 views

Security update for ignition

This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 11:4 p.m.22 views

CVE-2026-11077

CVE-2026-11077 affects Google Chrome (Dawn) and is caused by a bad cast in Dawn that allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Affected version range is before 149.0.7827.53; the vulnerability is fixed in that release. The CVSS/metrics ind...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.37 views

CVE-2026-11077

Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

0.0028EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS0.00172EPSS
Exploits0References1
Rows per page
Query Builder