Lucene search
K

5104 matches found

CVE
CVE
added yesterday16 views

CVE-2026-55078

Summary: CVE-2026-55078 affects Coder’s remote development environment provisioning via Terraform. The issue lies in POST /api/v2/files where zip uploads are decompressed to tar in memory by CreateTarFromZip, with a per-entry size limit but no aggregate decompression limit, writing to an unbounde...

6.5CVSS6AI score
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-42083

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00342EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2 days ago9 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

9.8CVSS0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-56377

A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 3:33 a.m.8 views

EUVD-2026-40878

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3CVSS5.9AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40450

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:0 a.m.21 views

CVE-2026-51947

CVE-2026-51947 affects Pivotal CRM 6.6.4.08 and systems applying patch-ghi-15381-cwe-502-20251225.zip. The vulnerability arises from an incomplete fix for CVE-2026-39253 in the Pivotal.Engine.Client.Services.Conversion.dll, enabling remote code execution via network access. The issue is fixed in ...

9.8CVSS6.2AI score0.0113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 4:59 a.m.10 views

CVE-2026-48712

A flaw was found in protobufjs. A remote attacker could exploit this by sending a crafted protobuf binary payload containing deeply nested 'Any' values. This uncontrolled recursion could exhaust the JavaScript call stack during conversion to JSON, leading to a Denial of Service DoS. Mitigation No...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 7:51 p.m.7 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in...

6AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.8 views

EUVD-2026-38891

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in sbi-volume.label. The converted label is later exposed through...

5.7AI score0.00172EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.7 views

CVE-2026-53023

CVE-2026-53023 affects Linux kernel ntfs3: ntfs_fill_super() converts the on-disk volume label from UTF-16 to UTF-8 and stores it in sbi->volume.label, but utf16s_to_utf8s() does not append a NUL terminator. If the converted label fills the fixed buffer, ntfs3_label_show() could read past the ...

5.7AI score0.00172EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in GLib. A integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds...

5.4CVSS6.1AI score0.00325EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

8.8CVSS5.9AI score0.00357EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 8:16 p.m.12 views

CVE-2026-39253

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...

8.1CVSS0.00805EPSS
Exploits0References2
Rows per page
Query Builder