Lucene search
K

193 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 9:4 p.m.9 views

CVE-2026-47205

A flaw was found in Envoy's extauthz HTTP filter. A use-after-free vulnerability exists when processing per-route authorization overrides concurrently with rapid downstream client disconnects. This can lead to a segmentation fault and denial of service. Mitigation Mitigation for this issue is...

5.9CVSS5.6AI score0.00387EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/10 11:48 p.m.4 views

CVE-2026-31808

A flaw was found in file-type, a library for detecting file types. A remote attacker can exploit this by providing a specially crafted ASF Advanced Systems Format file. When parsing the file, a zero-sized sub-header can trigger an infinite loop, leading to a Denial of Service DoS. This can stall...

5.3CVSS5.6AI score0.00325EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/10 9:36 p.m.3 views

CVE-2026-23868

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

7CVSS6.1AI score0.00144EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/10 6:28 a.m.4 views

CVE-2026-28691

A flaw was found in ImageMagick. This vulnerability, an uninitialized pointer dereference, exists in the JBIG decoder due to a missing check. A remote attacker could exploit this by providing a specially crafted image file, leading to a denial of service. This could make the ImageMagick applicati...

7.5CVSS5.7AI score0.00353EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 9:34 p.m.3 views

CVE-2026-27139

A path traversal flaw has been discovered in the golang os module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...

2.5CVSS5.7AI score0.00201EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/09 6:31 p.m.3 views

CVE-2026-30851

A flaw was found in the Caddy server platform, specifically within its reverse proxy module. The 'forwardauth copyheaders' functionality fails to properly strip client-supplied headers. This oversight allows a remote attacker to inject malicious headers, leading to identity injection and...

8.8CVSS5.6AI score0.00249EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/06 11:55 p.m.4 views

CVE-2025-69651

A flaw was found in binutils. An attacker could exploit this vulnerability by providing a crafted Executable and Linkable Format ELF binary with malformed relocation or symbol data. Processing this malicious binary leads to an invalid pointer free, which triggers memory corruption checks and caus...

5.5CVSS5.6AI score0.0024EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/06 6:26 p.m.3 views

CVE-2026-26017

A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use TOCTOU fla...

7.7CVSS5.6AI score0.00376EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/05 8:25 p.m.5 views

CVE-2026-26999

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security TLS record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...

7.5CVSS5.7AI score0.00539EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/04 11:49 p.m.6 views

CVE-2026-2297

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

5.7CVSS5.7AI score0.00202EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/03 11:23 p.m.8 views

CVE-2026-0540

A cross site scripting flaw has been discovered in the DOMPurify npm library. This flaw allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attackers can include payloads like in attribute...

6.1CVSS5.3AI score0.0034EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/27 11:37 p.m.5 views

CVE-2026-28422

A flaw was found in Vim, an open-source command-line text editor. A local user could exploit a stack-buffer-overflow vulnerability in the buildstlstrhl function by rendering a statusline with a multi-byte fill character on a very wide terminal. This could lead to an integrity impact, where data...

2.2CVSS5.6AI score0.00142EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/27 11:37 p.m.6 views

CVE-2026-28417

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8CVSS5.9AI score0.01162EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 11:29 p.m.5 views

CVE-2026-27951

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

7.5CVSS5.6AI score0.00346EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/25 11:29 p.m.3 views

CVE-2026-27950

A flaw was found in FreeRDP. An incomplete fix for a heap-use-after-free vulnerability CVE-2026-24680 in the SDL2 implementation allows a remote attacker to trigger a denial of service. The pointer is not nulled after being freed, which can lead to memory corruption. This issue means that...

8.7CVSS5.7AI score0.00427EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/25 6:44 p.m.5 views

CVE-2026-27699

A flaw was found in basic-ftp, an FTP client library. A malicious FTP server can exploit a path traversal vulnerability CWE-22 within the downloadToDir method. This allows the server to send directory listings containing special sequences that trick the client into writing files to unintended...

9.8CVSS5.6AI score0.00528EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2026/02/24 9:44 p.m.5 views

CVE-2026-27588

A flaw was found in Caddy's HTTP host request matcher. When Caddy is configured with a large list of host entries, its host matching becomes unexpectedly case-sensitive instead of case-insensitive as documented. A remote attacker can exploit this by altering the casing of the Host header in HTTP...

9.1CVSS5.6AI score0.0037EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/24 5:25 p.m.5 views

CVE-2026-1229

A flaw was found in the github.com/cloudflare/circl/ecc/p384 package. The CombinedMult function, which is part of the elliptic curve cryptography ECC implementation for the secp384r1 curve, generates an incorrect value when provided with specific inputs. This can lead to incorrect cryptographic...

9.8CVSS5.6AI score0.00397EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/23 10:40 p.m.3 views

CVE-2025-61144

A denial of service flaw has been found in libtiff. This stack-based buffer overflow occurs in tiffcrop part of libtiff within the function readSeparateStripsIntoBuffer. When processing a malformed TIFF directory e.g., improper tags/order, missing StripByteCounts, the function overflows a...

9.8CVSS5.8AI score0.00253EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/02/23 10:32 p.m.3 views

CVE-2025-61143

A flaw was found in libtiff. This vulnerability, a NULL pointer dereference, occurs in the tifopen.c component. An attacker could exploit this by providing specially crafted input, leading to a Denial of Service DoS due to an application crash. Mitigation Mitigation for this issue is either not...

5.5CVSS5.6AI score0.00113EPSS
Exploits0References6
Rows per page
Query Builder