Lucene search
K

2809 matches found

OSV
OSV
added 4 days ago5 views

DEBIAN-CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References1
OSV
OSV
added last week6 views

DEBIAN-CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References1
OSV
OSV
added last week7 views

DEBIAN-CVE-2026-56001

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont...

8.8CVSS6.3AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:16 p.m.4 views

DEBIAN-CVE-2026-58402

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:16 p.m.4 views

DEBIAN-CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:16 p.m.2 views

DEBIAN-CVE-2026-42546

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS6AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 7:17 p.m.5 views

DEBIAN-CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 9:16 p.m.5 views

DEBIAN-CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.3CVSS6.1AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 8:48 a.m.3 views

DEBIAN-CVE-2026-47709

Bulletin has no description...

5.7AI score0.00025EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 8:48 a.m.2 views

DEBIAN-CVE-2026-47254

Bulletin has no description...

5.7AI score0.00024EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14427

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14430

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.8 views

DEBIAN-CVE-2026-14421

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14419

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.5 views

DEBIAN-CVE-2026-14410

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14397

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14399

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14392

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.4 views

DEBIAN-CVE-2026-14390

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.5 views

DEBIAN-CVE-2026-14395

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00275EPSS
Exploits0References1
Rows per page
Query Builder