227 matches found

CVE
added 2 days ago, 6 views

CVE-2026-58011

CVE-2026-58011 — GLib. A flaw in GLib affects the g_date_time_get_ymd function in glib/gdatetime.c when handling an invalid GDateTime object produced by g_date_time_add_full. The issue is an out-of-bounds read of 2 bytes, which can corrupt the date output and potentially lead to a denial of serv...

CVSS 6.5 | AI score 5.7 | EPSS 0.00273
Exploits 0 | References 4

Vulnrichment
added 2 days ago, 4 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors...

CVSS 6.5 | AI score 5.7 | EPSS 0.00273
Exploits 0 | References 3

Cvelist
added 2 days ago, 28 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors...

CVSS 6.5 | EPSS 0.00273
Exploits 0 | References 3

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in GLib. Integer overflow and buffer under-read occur when parsing a long, invalid ISO 8601 timestamp using the g_date_time_new_from_iso8601 function...

CVSS 3.7 | AI score 5.6 | EPSS 0.00416
Exploits 0 | References 2

Circl
added 2026/06/18 8:15 a.m., 21 views

CVE-2026-10736

creationtimestamp | type | source
---|---|---
2026-06-18 08:15:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mokf5nzsdj2z
2026-06-19 02:33:25+00:00 | seen | https://bsky.app/profile/pmloik.bsky.social/post/3momciyt73y2g

...

CVSS 4.9 | AI score 5.8 | EPSS 0.00363
Exploits 0 | References 2

RedhatCVE
added 2026/06/05 7:12 p.m., 9 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

CVSS 7.5 | AI score 5.6 | EPSS 0.00405
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:12 p.m., 9 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5 | AI score 5.6 | EPSS 0.00358
Exploits 0 | References 1

EUVD
added 2026/06/03 12:30 a.m., 12 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

CVSS 4.3 | AI score 5.7 | EPSS 0.00128
Exploits 0 | References 5

Cvelist
added 2026/06/02 11:27 p.m., 43 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

CVSS 4.3 | EPSS 0.00128
Exploits 0 | References 4

ATTACKERKB
added 2026/05/14 2:32 p.m., 10 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00358
Exploits 0 | References 5 | Affected Software 1

Circl
added 2026/05/12 4:57 a.m., 10 views

CVE-2026-40136

creationtimestamp | type | source
---|---|---
2026-05-12 04:57:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlmyt54c6l2p
2026-05-12 14:20:29+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:07+00:00 | seen | ...

CVSS 4.3 | AI score 5.8 | EPSS 0.0029
Exploits 0 | References 3

Circl
added 2026/05/09 9:49 p.m., 11 views

CVE-2026-42571

creationtimestamp | type | source
---|---|---
2026-05-09 21:49:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlh7zev7at2t
2026-05-10 00:00:43+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p
2026-05-10 00:01:03+00:00 | seen | ...

CVSS 9 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 3

Tenable Nessus
added 2026/05/09 12:00 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016813 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function...

CVSS 3.7 | AI score 6 | EPSS 0.00416
Exploits 0 | References 4

Github Security Blog
added 2026/05/06 8:00 p.m., 10 views

Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header

Summary: TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...

CVSS 7.5 | AI score 5.9 | EPSS 0.00405
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/05/06 12:00 a.m., 16 views

PT-2026-38292

Name of the Vulnerable Software and Affected Versions: Micronaut Framework versions 4.3.0 through 4.10.21

Description: An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00405
Exploits 0 | References 7

OSV
added 2026/04/30 12:00 p.m., 6 views

RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time related types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesel's...

AI score 5.8
Exploits 0 | References 3

RustSec
added 2026/04/30 12:00 p.m., 12 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time related types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesel's...

AI score 5.8
Exploits 0 | Affected Software 1

OSV
added 2026/04/24 12:00 p.m., 8 views

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQL_TIME type. Diesel replicated this type as `#[repr(C)]` struct, populated all the fields of this struct and then cast this value ...

AI score 5.8
Exploits 0 | References 3

RustSec
added 2026/04/24 12:00 p.m., 9 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQL_TIME type. Diesel replicated this type as `#[repr(C)]` struct, populated all the fields of this struct and then cast this value ...

AI score 5.8
Exploits 0 | Affected Software 1

Circl
added 2026/04/17 6:14 p.m., 4 views

CVE-2026-41153

creationtimestamp | type | source
---|---|---
2026-04-17 18:14:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjpjpf2f3w2b

...

CVSS 9.8 | AI score 5.7 | EPSS 0.00257
Exploits 0 | References 1