5061 matches found
CVE-2026-9143
CVE-2026-9143 describes an incorrect conversion between numeric types in NI grpc-device due to missing range checks in CodeGen, potentially discarding high bits when a size value exceeds the target type’s range. Affected: NI grpc-device ≤ 2.17.0. Metrics: CVSSv3.1 base 3.7 (LOW); CVSSv4.0 base 6....
CVE-2026-49762
A flaw was found in the Elixir standard library's Version module. A remote attacker can exploit this uncontrolled resource consumption vulnerability by providing a specially crafted, excessively long version string. This malicious input forces the system to perform a super-linear,...
EUVD-2026-37645
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
CVE-2026-1288
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...
EUVD-2026-37744
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...
CVE-2026-1288 RFA File Parsing Vulnerability in Autodesk Revit
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...
CVE-2026-1288
The CVE-2026-1288 entry concerns Autodesk Revit. A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Revit, can trigger a NULL pointer dereference in the processing path. Exploitation may crash the application, resulting in a denial-of-service condition. The pr...
CVE-2026-12491
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
GHSA-WCPC-WJ8M-HJX6 protobufjs: Denial of service through unbounded Any expansion during JSON conversion
Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...
protobufjs: Denial of service through unbounded Any expansion during JSON conversion
Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...
Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
Linux Distros Unpatched Vulnerability : CVE-2026-9748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal skip this document when an index stats conversion failed. But PauseExecution i...
CVE-2022-47150
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
EUVD-2022-56006
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
CVE-2022-47150 WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
PT-2026-48640
Cross-Site request forgery CSRF vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10...
Linux Distros Unpatched Vulnerability : CVE-2026-44293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could...
OSV-2026-895 Heap-buffer-overflow in ihevcd_fmt_conv
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=521437880 Crash type: Heap-buffer-overflow WRITE 8 Crash state: ihevcdfmtconv ihevcdprocessthread startthread...
sharp 安全漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...