Lucene search
K

456830 matches found

RedHat Linux
RedHat Linux
added 2026/06/24 12:48 p.m.7 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2026/06/24 11:55 a.m.4 views

Security update for libheif

This update for libheif fixes the following issues Update to 1.23.0: CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read bsc1259544...

8.6CVSS6.1AI score0.00514EPSS
Exploits6References88
OSV
OSV
added 2026/06/24 11:55 a.m.2 views

SUSE-SU-2026:2622-1 Security update for libheif

This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...

8.8CVSS6.1AI score0.00514EPSS
Exploits6References45
Vulnrichment
Vulnrichment
added 2026/06/24 11:53 a.m.6 views

CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38752

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:53 a.m.31 views

CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS0.00281EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.10 views

CVE-2026-56338

Capgo prior to version 12.128.2 contains a denial-of-service flaw in the /auth/v1/otp endpoint used for 2FA email verification. The issue arises from captcha validation failures causing the backend to return HTTP 500 errors, preventing authenticated users from completing 2FA enrollment and access...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56338

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 11:21 a.m.6 views

Incorrect Type Conversion or Cast

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the protected initializecopywithargs copy helper behind Nodedup and clone, which unwraps its source argument as an xmlNode without a type...

5.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/24 11:16 a.m.12 views

CVE-2026-13150

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 11:12 a.m.4 views

CVE-2026-13140 Stored Cross-Site Scripting in Canarytokens.org

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 11:12 a.m.5 views

CVE-2026-13140

The CVE-2026-13140 entry concerns Canarytokens.org (Thinkst Applied Research) with a Stored Cross-Site Scripting flaw in the exposed AWS API key store. Affected: Canarytokens Docker images from tag sha-4116b92cb up to before sha-f5aa5c4e and Git commit 4116b92cb before f5aa5c4e. Attack requires k...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 11:12 a.m.5 views

EUVD-2026-38736

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 11:12 a.m.31 views

CVE-2026-13140 Stored Cross-Site Scripting in Canarytokens.org

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:12 a.m.5 views

CVE-2026-13140

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...

2CVSS5.8AI score0.00185EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 10:45 a.m.6 views

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 10:45 a.m.10 views

CVE-2026-13150

CVE-2026-13150 describes an SSRF in the PDF generation endpoint of ccyl13 Pentestify 1.0.0 and earlier. The vulnerability arises because GET /api/reports/{id}/pdf builds the target URL from request.base_url without validation, enabling remote attackers to cause the server to fetch arbitrary inter...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 10:45 a.m.32 views

CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 10:45 a.m.6 views

CVE-2026-13150

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 10:35 a.m.3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References7
Rows per page
Query Builder