CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2971 matches found

RustSec•added 2026/03/17 12:0 p.m.•6 views

Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

8.2CVSS5.9AI score0.00443EPSS

Exploits0Affected Software1

CNNVD•added 2026/03/17 12:0 a.m.•4 views

dr_libs 安全漏洞

drlibs is an audio decoding library developed by David Reid as a personal project in C/C++. Versions of drlibs prior to 0.13.3 contain security vulnerabilities. These vulnerabilities stem from the drflacreadanddecodemetadata function, which involves uncontrolled memory allocation. This could allo...

6.9CVSS5.8AI score0.00186EPSS

Exploits1References3

OSV•added 2026/03/16 11:16 p.m.•4 views

ALPINE-CVE-2026-4177

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on...

9.1CVSS5.8AI score0.00499EPSS

Exploits0References1

Github Security Blog•added 2026/03/16 8:48 p.m.•7 views

lz4_flex's decompression can leak information from uninitialized memory or reused output buffer

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

8.2CVSS6AI score0.00443EPSS

Exploits0References5Affected Software1

Snyk•added 2026/03/16 8:27 p.m.•2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that triggers an out-of-bounds read. Note: This vulnerability i...

8.7CVSS7.1AI score0.01036EPSS

Exploits2References3

Snyk•added 2026/03/16 8:27 p.m.•0 views

Out-of-bounds Read

8.7CVSS7.1AI score0.01036EPSS

Exploits2References3

Snyk•added 2026/03/16 8:27 p.m.•2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the DataRow.Decode function. An attacker can cause a panic and potentially disrupt application availability by sending a DataRow message with a negative field length from a malicious or compromised PostgreS...

8.2CVSS5.9AI score0.00357EPSS

Exploits0References3

OSV•added 2026/03/16 8:27 p.m.•1 views

GO-2026-4518 Denial of service in github.com/jackc/pgproto3/v2

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

7.5CVSS5.8AI score0.00357EPSS

Exploits0References3

Positive Technologies•added 2026/03/16 12:0 a.m.•2 views

PT-2026-28437

Name of the Vulnerable Software and Affected Versions versions prior to 2026-32286 Description The DataRow.Decode function does not correctly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, resulting in a slice bounds o...

10CVSS5.9AI score0.0333EPSS

Exploits29References191

Fedora•added 2026/03/14 12:17 a.m.•5 views

[SECURITY] Fedora 44 Update: SDL3_sound-3.0.0~20260117gitb00e4a3-1.fc44

SDLsound is a library that handles the decoding of several popular sound file formats, such as .WAV and .OGG. It is meant to make the programmer's sound playback tasks simpler. The programmer gives SDLsound a filename, or feeds it data directly from one of many sources, and then reads the decoded...

5.5CVSS5.8AI score0.00147EPSS

Exploits0

EUVD•added 2026/03/13 9:31 p.m.•3 views

EUVD-2026-11749

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the commentauthoremail cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wpmail...

6.3CVSS5.8AI score0.00221EPSS

Exploits0References4

ATTACKERKB•added 2026/03/13 1:18 a.m.•4 views

CVE-2026-22204

6.3CVSS5.8AI score0.00221EPSS

Exploits0References4

Positive Technologies•added 2026/03/13 12:0 a.m.•2 views

PT-2026-25144

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment author email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wp mail...

6.3CVSS5.8AI score0.00221EPSS

Exploits0References3

NVD•added 2026/03/12 7:16 p.m.•4 views

CVE-2025-61154

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service DoS via the function decompressR2004section at decode.c...

6.5CVSS0.00218EPSS

Exploits0References2

Snyk•added 2026/03/12 2:8 p.m.•4 views