Lucene search
K

3279 matches found

OSV
OSV
added 2026/02/25 11:57 p.m.8 views

CVE-2026-27809 psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data e.g. a literal run that extends past the expected row size, decoderle raises ValueError which propagated all the way to the user, crashin...

8.8CVSS5.6AI score0.0041EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2026/02/25 8:43 p.m.8 views

USN-8065-1: Authlib vulnerabilities

Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens,...

8.8CVSS5.7AI score0.00582EPSS
Exploits5
SUSE Linux
SUSE Linux
added 2026/02/25 11:12 a.m.5 views

Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

6.9CVSS5.4AI score0.02667EPSS
Exploits0References12
OSV
OSV
added 2026/02/25 11:12 a.m.5 views

SUSE-SU-2026:0635-1 Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. -...

8.9CVSS5.4AI score0.02667EPSS
Exploits0References7
OSV
OSV
added 2026/02/24 3:27 p.m.3 views

GHSA-96PC-27RX-PR36 ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description A heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/24 12:29 a.m.2 views

CVE-2026-24481 ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containin...

7.5CVSS5.4AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 12:29 a.m.27 views

CVE-2026-24481

CVE-2026-24481 affects ImageMagick’s PSD (Adobe Photoshop) format handler. Affected: prior to 7.1.2-15 and 6.9.13-40, where processing a PSD with ZIP-compressed layer data that decompresses to less than the expected size leaks uninitialized heap memory into the output image. Patch exists in 7.1.2...

7.5CVSS5.4AI score0.00348EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/24 12:29 a.m.19 views

CVE-2026-24481 ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containin...

7.5CVSS0.00348EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.13 views

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of NATS-Server prior to 2.11.2 and 2.12.3. These vulnerabilities stemmed from WebSockets’...

7.5CVSS5.8AI score0.00478EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/24 12:0 a.m.133 views

📄 QEMU VMDK Out-Of-Bounds Read

A flaw was found in QEMU's VMDK block driver implementation. When processing compressed grain markers within a monolithicSparse VMDK image, insufficient bounds validation may allow the decompression routine to read beyond the allocated buffer. A specially crafted VMDK image could trigger an...

5.1CVSS5.5AI score0.00114EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/02/23 1:59 a.m.5 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/23 1:46 a.m.4 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/23 1:45 a.m.4 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/23 1:35 a.m.4 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/18 2:36 p.m.4 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/18 9:55 a.m.4 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.4 views

openSUSE 16 Security Update : nodejs22 (openSUSE-SU-2026:20236-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20236-1 advisory. Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-based race...

9.1CVSS6.9AI score0.03782EPSS
Exploits2References21
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.10 views

RHEL 7 : python-s3transfer (RHSA-2026:2911)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:2911 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

8.9CVSS5.7AI score0.02667EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/17 3:59 p.m.4 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
OSV
OSV
added 2026/02/17 9:38 a.m.3 views

SUSE-SU-2026:20485-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

8.9CVSS6.7AI score0.00622EPSS
Exploits0References5
Rows per page
Query Builder