Lucene search
+L

32 matches found

osv
osv
added 2 days ago2 views

DEBIAN-CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/25 4:35 p.m.7 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS5.9AI score0.00294EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/28 7:50 p.m.12 views

CVE-2026-46130

A flaw was found in the Linux kernel's device-mapper verity forward error correction dm-verity-fec component. This vulnerability occurs because a function responsible for decoding parity data makes an incorrect assumption about how these data blocks are read. Under specific, non-default...

7.1CVSS5.8AI score0.00117EPSS
Exploits0References4
cve
cve
added 2026/05/13 2:39 p.m.39 views

CVE-2026-44289

CVE-2026-44289 affects protobufjs. Before versions 7.5.6 and 8.0.2, decoding nested protobuf data could recurse without a depth limit, affecting both skipping unknown group fields and generated decoding of nested message fields. A crafted binary payload could exhaust the JavaScript call stack, ca...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/12 3:1 p.m.19 views

GHSA-685M-2W69-288Q protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5
redhat
redhat
added 2026/04/29 1:26 p.m.8 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References6
cve
cve
added 2026/04/06 3:33 p.m.25 views

CVE-2025-47392

CVE-2025-47392 describes a memory corruption issue that occurs when decoding corrupted satellite data files with invalid signature offsets. The NVD records a CVSS v3.1 base score of 8.8 (HIGH) with adjacent attack vector, no privileges or user interaction required, and high impact on confidential...

8.8CVSS5.9AI score0.00165EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/04/06 12:0 a.m.11 views

PT-2026-30638

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

8.8CVSS5.9AI score0.00165EPSS
Exploits0References2
redhat
redhat
added 2026/02/16 11:56 a.m.5 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
redhat
redhat
added 2026/01/26 6:30 p.m.11 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
osv
osv
added 2025/12/09 8:14 p.m.2 views

USN-7918-1 netty vulnerabilities

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. CVE-2025-58056 Jonas Konrad discovered that Netty did not properly manage memory...

7.5CVSS5.8AI score0.00631EPSS
Exploits2References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-5039

Malware in sbrugna...

7.8CVSS7.6AI score0.00461EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-5331

Malware in sbrugna...

8.6CVSS8.5AI score0.00762EPSS
Exploits2References8
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5390

Malware in sbrugna...

7.5CVSS7.6AI score0.02301EPSS
Exploits0References13
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-17231

Malware in sbrugna...

7.5CVSS7.5AI score0.00568EPSS
Exploits0References2
osv
osv
added 2024/07/17 8:59 a.m.12 views

CLSA-2024-1721206783 freerdp: Fix of 12 CVEs

CVE-2023-39352: add bound check in gdiSolidFill - CVE-2023-39353: check indices are within range - CVE-2023-39356: fix checks for multi opaque rect - CVE-2023-40181: fix cBitsRemaining calculation - CVE-2023-40186: fix integer multiplications - CVE-2023-40188: fix input length validation -...

9.8CVSS6.8AI score0.01529EPSS
Exploits12References1
cve
cve
added 2023/09/13 2:17 p.m.61 views

CVE-2023-39914

The CVE-2023-39914 vulnerability affects NLnet Labs’ bcder library up to version 0.7.2. The root cause is a panic during decoding of certain invalid input data, instead of rejecting it with an error. This can impact both the decoding stage and access to content of types that use delayed decoding....

7.5CVSS7.3AI score0.00592EPSS
Exploits0References1Affected Software1
wallarmlab
wallarmlab
added 2023/03/09 1:10 p.m.186 views

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. Weve already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...

6.8CVSS10AI score0.98124EPSS
Exploits48
cvelist
cvelist
added 2022/11/16 12:0 a.m.25 views

CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...

4.6CVSS5.6AI score0.00627EPSS
Exploits0References4
fedora
fedora
added 2022/07/17 1:16 a.m.22 views

[SECURITY] Fedora 35 Update: golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc35

This package provides decoding of basic exif and tiff encoded data...

9.3CVSS2.8AI score0.0995EPSS
Exploits4
Rows per page
Query Builder