
6137 matches found

NVD (added 2 days ago)

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

CVSS 9.8, EPSS 0.00663
Exploits: 0, References: 4
CVE (added 2 days ago)

CVE-2025-15646

HTML::Gumbo for Perl before 0.19 is vulnerable to heap memory disclosure via type confusion when parsing documents containing a element. The issue arises because libgumbo’s walk_tree was not updated to support , causing the element to be treated as a text node and enabling strlen() over-read of ...

CVSS 9.8, AI score 5.8, EPSS 0.00663
Exploits: 0, References: 4
AttackerKB (added 2 days ago)

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

CVSS 9.8, AI score 5.8, EPSS 0.00663
Exploits: 0, References: 4
Red Hat CVE (added 4 days ago)

CVE-2026-57436

A flaw was found in Nokogiri, an open-source library used for processing XML and HTML documents. This vulnerability occurs due to insufficient validation when setting the document's root element, allowing a malicious document to trigger a memory error. This can lead to a heap use-after-free,...

CVSS 6.3, AI score 5.9, EPSS 0.00312
Exploits: 0, References: 4
EUVD (added last week)

EUVD-2026-37807

CakePHP: View::element is missing a path containment check...

CVSS 6.3, AI score 5.8, EPSS 0.00258
Exploits: 0, References: 2
Red Hat CVE (added last week)

CVE-2026-22879

A flaw was found in vtk-dicom. A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::NewDataElement function. A remote attacker could exploit this vulnerability without requiring user interaction or elevated privileges. Successful exploitation could lead to arbitrary code...

CVSS 8.1, AI score 6.3, EPSS 0.0032
Exploits: 0, References: 2
EUVD (added 2026/06/26 12:32 a.m.)

EUVD-2026-39582

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

CVSS 8.1, AI score 6.1, EPSS 0.0032
Exploits: 0, References: 3
NVD (added 2026/06/25 10:17 p.m.)

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

CVSS 8.1, EPSS 0.0032
Exploits: 0, References: 2
Cvelist (added 2026/06/25 9:46 p.m.)

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

CVSS 8.1, EPSS 0.0032
Exploits: 0, References: 1
CVE (added 2026/06/25 9:46 p.m.)

CVE-2026-22879

The CVE concerns the vtk-dicom component, specifically the vtkDICOMItem::NewDataElement function. It is described as a heap-based buffer overflow vulnerability in vtk-dicom. The CVSSv3.1 vector indicates a high-severity issue (C:H, I:H, A:H) with network attack vector, high attack complexity, no ...

CVSS 8.1, AI score 6.1, EPSS 0.0032
Exploits: 0, References: 2
CVE (added 2026/06/25 7:58 p.m.)

CVE-2026-10512

The CVE-2026-10512 issue affects the X25519 x86_64 assembly implementation, where the final modular reduction fails to clear the most significant bit, leaving the 255-bit field element non-canonical. Consequently, the computed result from scalar multiplication may be incorrect, potentially yieldi...

CVSS 7.5, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 2, Affected software: 1
Cvelist (added 2026/06/25 7:58 p.m.)

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

CVSS 2.3, EPSS 0.00263
Exploits: 0, References: 2
Red Hat CVE (added 2026/06/25 7:00 p.m.)

CVE-2026-44990

A flaw was found in the sanitize-html library. Under its default configuration, an attacker can embed malicious content within a disallowed xmp element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting XSS. Successful...

CVSS 9.3, AI score 6.3, EPSS 0.0037
Exploits: 0, References: 4
Positive Technologies (added 2026/06/25 12:00 a.m.)

PT-2026-52621

Name of the vulnerable software and affected versions: vtk vtk-dicom (affected versions not specified). Description: A heap-based buffer overflow occurs in the vtkDICOMItem::NewDataElement function. A heap-based buffer overflow is a memory corruption issue that happens when a program writes more data ...

CVSS 8.1, AI score 6, EPSS 0.0032
Exploits: 0, References: 3
Redos (added 2026/06/25 12:00 a.m.)

ROS-20260625-73-0023

The vulnerability in Docker CE is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.5, AI score 5.9, EPSS 0.00153
Exploits: 0
Talos (added 2026/06/25 12:00 a.m.)

vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerability

Summary: A heap-based buffer overflow vulnerability exists in the vtkDICOMItem::FindDataElementOrInsert functionality of vtk-dicom versions: 9.5.2. A specially crafted DICOM file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.1, AI score 6.4, EPSS 0.0032
Exploits: 0
NVD (added 2026/06/24 9:16 p.m.)

CVE-2026-47733

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

CVSS 4.4, EPSS 0.00118
Exploits: 0, References: 1
Cvelist (added 2026/06/24 8:51 p.m.)

CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

CVSS 4.4, EPSS 0.00118
Exploits: 0, References: 1
CVE (added 2026/06/24 8:51 p.m.)

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

CVSS 4.4, AI score 6.1, EPSS 0.00118
Exploits: 0, References: 1
Astra Linux (added 2026/06/24 3:11 p.m.)

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fix for out-of-bounds read in rtw_get_ie parser. The Information Element (IE) parser rtw_get_ie trusted the length byte of each Information Element without verifying that the IE body (len bytes after the 2-byte heade...

AI score 5.8, EPSS 0.00176
Exploits: 0, References: 3