Lucene search
K

3816 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52133

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A buffer overflow occurs in the gf media import function located in /media tools/av parsers.c. This issue allows remote attackers to cause a Denial of Service DoS by providing a special...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/18 1:15 p.m.4 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...

8.8CVSS7.5AI score0.00477EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/18 12:0 a.m.17 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

0.01316EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-12528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger...

5.4CVSS6AI score0.00226EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-50874

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

8.1CVSS0.01119EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 11:47 a.m.2 views

OPENSUSE-SU-2026:20967-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to...

6.8CVSS5.9AI score0.00282EPSS
Exploits2References8
Mageia
Mageia
added 2026/06/12 11:28 p.m.19 views

Updated expat packages fix security vulnerabilities

CVE-2026-45186 the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.2AI score0.00428EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

NULL Pointer Dereference

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36772

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

6.5CVSS5.5AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.9 views

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

6.5CVSS5.5AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.43 views

CVE-2026-41711 Potential Denial of Service through crafted Sort Parameters

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

5.9CVSS0.0028EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 4:3 p.m.11 views

CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

7.5CVSS5.8AI score0.00513EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.10 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00791EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/09 11:18 a.m.8 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00791EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 12:0 a.m.19 views

CVE-2026-36770

CVE-2026-36770 affects Shenzhen Tenda Technology Co. device: Tenda US_W3V1.0BR v1.0.0.3. The vulnerability is a stack overflow in the Go parameter of the ask_to_reboot function, leading to Denial of Service through a crafted input. CVSS v3.1 base score is 7.5 (Network attack, Low attack complexit...

7.5CVSS5.5AI score0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.36 views

CVE-2026-36770

Shenzhen Tenda Technology Co., Ltd Tenda USW3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.13 views

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) has a stack overflow in the Go parameter of the ask_to_reboot function, causing Denial of Service via crafted input. Affected component: the ask_to_reboot parameter handling. Root cause: stack overflow in Go code. Impact: ...

6.5CVSS5.5AI score0.0018EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/08 11:16 p.m.7 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the bz2.BZ2Decompressor objects. An attacker can cause out-of-bounds writes to a stack buffer by reusing a decompressor object after a decompression error and providing crafted input. This can result in...

8.2CVSS5.5AI score0.00433EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 10:1 p.m.70 views

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS0.00433EPSS
Exploits0References8
Rows per page
Query Builder