
85 matches found

NVD
added 5 days ago, 8 views

CVE-2026-54236

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3 CVSS, 0.00796 EPSS
Exploits 1, References 3
SUSE Linux
added 2026/06/15 8:5 a.m., 5 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340). CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341). CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2 CVSS, 5.3 AI score, 0.02268 EPSS
Exploits 0, References 22
Microsoft CVE
added 2026/06/13 8:6 a.m., 6 views

Heap Buffer Over-read in ASN.1 Content Parsing

...

7.5 CVSS, 5.8 AI score, 0.00513 EPSS
Exploits 0
Tenable Nessus
added 2026/06/11 12:0 a.m., 6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

9.1 CVSS, 6.5 AI score, 0.02268 EPSS
Exploits 0, References 16
OSV
added 2026/06/09 12:0 a.m., 12 views

UBUNTU-CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to...

7.5 CVSS, 5.7 AI score, 0.00513 EPSS
Exploits 0, References 5
Fedora
added 2026/05/29 1:13 a.m., 14 views

[SECURITY] Fedora 44 Update: podofo-1.0.4-1.fc44

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

2.5 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits 0
OSV
added 2026/05/27 9:9 p.m., 4 views

GHSA-X6G4-FWCC-JJ8W Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

Description: symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

5.3 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits 0, References 6
Debian CVE
added 2026/05/22 3:1 p.m., 5 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1 CVSS, 6 AI score, 0.00188 EPSS
Exploits 0
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in libxml2

A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...

5.9 CVSS, 6.8 AI score, 0.03503 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/02/28 2:46 a.m., 12 views

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches: This has been fixed in pypdf==6.7.4. Workarounds: If you cannot upgrade yet, consider applying the changes from PR 36...

6.9 CVSS, 5.8 AI score, 0.00423 EPSS
Exploits 0, References 6, Affected Software 1
EUVD
added 2026/01/27 4:1 p.m., 3 views

EUVD-2025-206379

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData...

6.4 AI score, 0.45854 EPSS
Exploits 7, References 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-17681

Malware in sbrugna...

4.3 CVSS, 6.5 AI score, 0.03781 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-25483

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.01383 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-1374

Malware in sbrugna...

4.3 CVSS, 4.5 AI score, 0.02134 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-11951

Malware in sbrugna...

4.3 CVSS, 5.8 AI score, 0.01999 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-17670

Malware in sbrugna...

4.3 CVSS, 4.9 AI score, 0.0405 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-20025

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.06176 EPSS
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-2189

Malicious code in bioql PyPI...

6.1 CVSS, 6.9 AI score, 0.00529 EPSS
Exploits 0, References 8
Amazon
added 2025/06/02 12:0 a.m., 11 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1 CVSS, 7.6 AI score, 0.00682 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 4:6 p.m., 7 views

CVE-2020-1059

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'...

4.3 CVSS, 6.5 AI score, 0.01999 EPSS
Exploits 0, References 1