3087181 matches found

CVE
added 27 minutes ago | 1 view

CVE-2026-58379 Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

CVSS: 7.3 | AI score: 6.7
Exploits: 0 | References: 4

Cvelist
added 27 minutes ago | 2 views

CVE-2026-58379 Gimp: gimp: heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

CVSS: 7.3
Exploits: 0 | References: 4

GithubExploit
added 1 hour ago | 7 views

Exploit for CVE-2026-14459

Pardus Software Center — Local Privilege Escalation CVE-2026-...

CVSS: 8.8 | AI score: 6.2
Exploits: 1

GithubExploit
added 1 hour ago | 7 views

cpcs-prototype

CPCS — Camera-Based Passenger Counting System Proof of co...

AI score: 5.9
Exploits: 0

RedhatCVE
added 2 hours ago | 4 views

CVE-2026-56369

A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00229
Exploits: 0 | References: 5

NVD
added 2 hours ago | 3 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

CVSS: 4.2
Exploits: 0 | References: 2

RedhatCVE
added 2 hours ago | 4 views

CVE-2026-20213

A flaw was found in ClamAV. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted file containing Portable Executable (PE) content for scanning. This is due to improper boundary checks during the scanning process, which may lead to an out-of-bounds...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00463
Exploits: 0 | References: 4

The Hacker News
added 2 hours ago | 3 views

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the...

AI score: 6.4
Exploits: 0

Cvelist
added 3 hours ago | 7 views

CVE-2026-14612 Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

CVSS: 4.2
Exploits: 0 | References: 2

RedhatCVE
added 3 hours ago | 3 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

CVSS: 4.2 | AI score: 5.9
Exploits: 0 | References: 3

ATTACKERKB
added 3 hours ago | 3 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

CVSS: 4.2 | AI score: 6
Exploits: 0 | References: 3

EUVD
added 3 hours ago | 3 views

EUVD-2026-41554

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

CVSS: 4.2 | AI score: 6
Exploits: 0 | References: 2

CVE
added 3 hours ago | 9 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

CVSS: 4.2 | AI score: 6
Exploits: 0 | References: 2

RedhatCVE
added 4 hours ago | 3 views

CVE-2026-20243

A flaw was found in ClamAV's ALZ file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted ALZ (Archived Link Zipped) file for scanning. This improper handling of ALZ files can lead to memory corruption, causing the ClamAV scanning...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00389
Exploits: 0 | References: 4

RedhatCVE
added 4 hours ago | 3 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00284
Exploits: 0 | References: 5

RedhatCVE
added 5 hours ago | 4 views

CVE-2026-20244

A flaw was found in ClamAV's DMG file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted DMG file for scanning. Improper boundary checks during the scanning process can lead to an integer overflow, primarily affecting 32-bit...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00389
Exploits: 0 | References: 4

The Hacker News
added 5 hours ago | 3 views

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.63102
Exploits: 3

GithubExploit
added 5 hours ago | 13 views

ajar

ajar 🚪 Find the door you left open by default. A defensive...

AI score: 6.1
Exploits: 0

Malwarebytes
added 5 hours ago | 4 views

Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts

Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware. Verified X account used in Mac...

AI score: 6
Exploits: 0

RedhatCVE
added 5 hours ago | 3 views

CVE-2026-20214

A flaw was found in ClamAV. An unauthenticated, remote attacker could exploit a vulnerability in the FSG file format parser by submitting a specially crafted file for scanning. This improper handling of FSG files can lead to an out-of-bounds buffer write, causing memory corruption. A successful...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00463
Exploits: 0 | References: 4