Lucene search
K

1919 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-43717

The CVE-2026-43717 entry describes a use-after-free in Safari related to processing malicious web content. Affected products are Safari across macOS and iOS/iPadOS, with fixed versions Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Root cause stated as improved memory managemen...

6.5CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software4
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-43718

A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References4
CVE
CVE
added 5 days ago12 views

CVE-2026-48090

Envoy CVE-2026-48090 affects the HTTP OAuth2 filter (envoy.filters.http.oauth2) in 1.37.0–1.37.5 and 1.38.3. A late AsyncClient completion can call OAuth2Filter methods after the downstream stream has been torn down, leading to undefined behavior, worker crashes, and use-after-free/invalid-vptr f...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 6 days ago7 views

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4Affected Software17
CVE
CVE
added 6 days ago13 views

CVE-2026-57236

CVE-2026-57236 affects Nokogiri (Ruby) with the CRuby/libxml2 backend. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., non-string or null byte) frees the current encoding string but does not replace it, leaving the document referencing freed memory. The next call to Do...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago5 views

CVE-2026-42388

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS0.004EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-39358

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS5.8AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-12245 Denial of DNS over TLS service by any DoT client

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.5 views

SUSE CVE-2026-56367

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

4.8CVSS5.9AI score0.00236EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.7 views

CVE-2026-8358

A heap-based buffer overflow vulnerability was discovered in LibreOffice Calc's spreadsheet importer. When processing tracked changes from a spreadsheet document, the application fails to properly handle duplicate change identifiers. By reusing the same change identifier for two distinct types of...

6.9CVSS6.1AI score0.00171EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51227

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description An integer overflow exists in the PSB PSD v2 RLE decoding path within the ReadPSDChannelRLE function located in coders/psd.c. On 32-bit builds, this fla...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References78
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
OSV
OSV
added 2026/06/19 9:42 p.m.21 views

GHSA-6V7P-G79W-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error

Impact If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack. Patches v1.2.1 Workarounds Users should create a new Unpacker instead of...

7.5CVSS5.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/19 4:56 p.m.5 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in gawk

A heap out-of-bounds read flaw was discovered in the builtin.c file within the gawk package. This issue may lead to a crash and could be used to read sensitive information...

7.1CVSS6.6AI score0.00424EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in bind9

The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...

7.5CVSS7AI score0.02626EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Drivers are not always robust against extremely large draw calls, and in some cases, this scenario could lead to crashes. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...

7.5CVSS7.1AI score0.01585EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.13 views

Astra Linux – Vulnerability in Qemu

A out-of-bounds write flaw was discovered in the UAS USB-attached SCSI device emulation in QEMU in versions prior to 6.2.0-rc0. The device uses the guest-provided stream number without proper checking, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A...

7.4CVSS6.8AI score0.00566EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Policykit-1

A flaw was discovered in polkit. When processing an XML policy with 32 or more nested elements at depth, an out-of-bounds write vulnerability can be triggered. This issue may lead to a crash or other unexpected behavior, and arbitrary code execution is possible without being detected. To exploit...

6.7CVSS6.2AI score0.00184EPSS
Exploits0References2
Rows per page
Query Builder