Lucene search
+L

5043 matches found

Mageia
Mageia
added yesterday7 views

Updated perl-HTML-Parser packages fix security vulnerability

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. CVE-2026-8829...

7.5CVSS5.3AI score0.0031EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-47180 Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0023EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-41921

vLLM has Remote DoS via Invalid Recovered Token Reinjection...

7.5CVSS5.2AI score0.00343EPSS
Exploits1References4
OSV
OSV
added 3 days ago5 views

DEBIAN-CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

9.1CVSS5.4AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

0.00394EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates totalcomponentwidth across every tile in a JPEG2000 ima...

8.7CVSS7.3AI score0.00398EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuatio...

7.5CVSS5.3AI score0.00354EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago10 views

Fedora 43 : roundcubemail (2026-c3351f4ae4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c3351f4ae4 advisory. Release 1.6.17 - Enigma: Support automatic public key lookup import using HKP v1 protocol 5314 - Enigma: Kolab WOAT Support 8626 - Security: Fix an...

10CVSS6.1AI score0.00311EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60593

Name of the Vulnerable Software and Affected Versions YAML::Syck versions prior to 1.47 Description An out-of-bounds read exists in the base64 decoder of the bundled libsyck. The issue occurs in the syck base64dec function, where the 256-entry static table b64 xtable is indexed using a signed cha...

9.1CVSS5.2AI score0.00394EPSS
Exploits0References16
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-49867 DataEase: Authenticated Stored XSS in DataEase Template Static Resources

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS0.00269EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago7 views

pyasn1: pyasn1: Denial of Service via crafted BER input

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References7
OSV
OSV
added 4 days ago6 views

SUSE-SU-2026:3057-1 Security update for terraform-provider-susepubliccloud

This update for terraform-provider-susepubliccloud fixes the following issues - CVE-2022-41723: go1.19,go1.20: net/http2: quadratic complexity in HPACK decoding bsc1208300. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...

9.6CVSS7AI score0.04561EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time...

7.5CVSS6.2AI score0.00339EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

DEBIAN-CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

0.00376EPSS
Exploits0References1
CVE
CVE
added 5 days ago121 views

CVE-2026-59083

Apache Tomcat is affected by CVE-2026-59083 due to incorrect URL decoding in RewriteValve, enabling a possible security constraint bypass for certain configurations. Affected branches include 11.0.0-M1–11.0.23, 10.1.0-M1–10.1.56, 9.0.0.M1–9.0.119, and 8.5.0–8.5.100. Remediation is to upgrade to f...

9.1CVSS6.1AI score0.00376EPSS
Exploits0References2Affected Software1
OSV
OSV
added 5 days ago7 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-58072

Name of the Vulnerable Software and Affected Versions Pillow versions 8.2.0 through 12.2.0 Description In the src/libImaging/Jpeg2KDecode.c file, the library accumulates total component width across every tile in a JPEG2000 image instead of recomputing it per tile. This behavior allows a speciall...

8.7CVSS6.1AI score0.00398EPSS
Exploits1References27
RedHat Linux
RedHat Linux
added 6 days ago8 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
Rows per page
Query Builder