119 matches found
CVE-2026-57249 Foxit PDF Editor/Reader Annotation Use-After-Free Vulnerability
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
CVE-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Astra Linux – Vulnerability in libexif
In libexif versions up to 0.6.25, a integer underflow in size checking for Fuji and Olympus MakerNote decoding could be exploited by attackers to cause programs that use libexif to crash or leak information...
Astra Linux – Vulnerability in Dbus
A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...
CVE-2026-1288 RFA File Parsing Vulnerability in Autodesk Revit
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition...
CVE-2026-44844
emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...
EUVD-2026-33722
Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...
EUVD-2026-27812
In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm-inputep82 Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, pm-inputep82 stays NULL, which leads to a crash later. This...
CVE-2026-40684
In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...
SUSE CVE-2026-33593
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...
CVE-2026-33593
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...
PT-2026-34437
Name of the Vulnerable Software and Affected Versions PowerDNS dnsdist versions 1.9.0 through 1.9.12 PowerDNS dnsdist versions 2.0.0 through 2.0.3 Description An unauthenticated remote attacker can cause a denial-of-service by sending a crafted DNSCrypt query. This action triggers a divide-by-zer...
Linux Distros Unpatched Vulnerability : CVE-2026-35215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the lengt...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the MSL decoder process. An attacker can cause a crash by providing a specially crafted MSL file. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit ...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the MakerNote decoding process for Fuji and Olympus cameras. An attacker can cause a crash or leak information by providing specially crafted image files. Remediation Upgrade libexif to version...
Linux Distros Unpatched Vulnerability : CVE-2026-31411
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc point...
CVE-2019-25666 SpotAuditor 3.6.7 Denial of Service Buffer Overflow
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition...
PT-2026-30411
A race condition during TCP connection teardown can cause tcp recv to operate on a connection that has already been released. If tcp conn search returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp backlog is full and dereferenced without...
Linux Distros Unpatched Vulnerability : CVE-2025-58136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 throug...