Lucene search
K

73989 matches found

CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

OpenEXR 缓冲区错误漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.8 contained a buffer error vulnerability. This vulnerability stemmed from specially crafted B44 or B44A EXR files, which could cause...

8.4CVSS6AI score0.00244EPSS
Exploits1References3
Amazon
Amazon
added 2026/04/01 12:0 a.m.11 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...

5.1CVSS5.9AI score0.00144EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Issue Correction: Run...

5.1CVSS5.8AI score0.00144EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/31 11:43 p.m.12 views

openssl-encrypt silently skips schema validation when jsonschema library is not installed

Summary In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected Code python if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...

5.9AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/31 10:11 p.m.6 views

EUVD-2026-17714

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:11 p.m.10 views

CVE-2026-34549

iccDEV contains an Undefined Behavior in IccUtil.cpp caused by invalid left shift on icUInt32Number when processing a crafted ICC profile. Affects versions prior to 2.3.1.6; the issue is fixed in 2.3.1.6. Public references indicate the UB is reported under UndefinedBehaviorSanitizer. There is no ...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/31 7:50 p.m.4 views

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer

A flaw was found in GStreamer. This vulnerability allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write in the RealMedia Demuxer component. The issue occurs due to improper validation of user-supplied data during the processing of video packets, leading to a writ...

7.8CVSS7.7AI score0.00431EPSS
Exploits0References6
CVE
CVE
added 2026/03/31 3:36 p.m.15 views

CVE-2026-34235

CVE-2026-34235 affects the PJSIP library (C) prior to version 2.17, where the VP9 RTP unpacketizer has a heap out-of-bounds read when parsing crafted VP9 SS data. The vulnerability stems from insufficient bounds checking on the payload descriptor length, causing reads beyond the RTP payload buffe...

9.1CVSS5.8AI score0.00405EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/31 12:31 p.m.6 views

EUVD-2026-17385

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS5.9AI score0.00418EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 12:16 p.m.1 views

CVE-2026-32982

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS0.00418EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 11:17 a.m.7 views

CVE-2026-32982

OpenClaw prior to 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens. When media downloads fail, original Telegram file URLs (containing bot tokens) can be embedded in MediaFetchError strings and leaked to logs and error su...

8.7CVSS5.9AI score0.00418EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 11:17 a.m.2 views

CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS5.9AI score0.00418EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.1 views

CVE-2026-32982

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS5.9AI score0.00418EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.24 views

CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

8.7CVSS0.00418EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 8:46 a.m.4 views

CLSA-2026-1774874764 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:15 a.m.10 views

UBUNTU-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 1:36 a.m.23 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

6.8CVSS0.00387EPSS
Exploits0References2
CNVD
CNVD
added 2026/03/31 12:0 a.m.2 views

HCL Aftermarket DPC Input Validation Error Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an input validation error vulnerability that can be exploited by an attacker to inject executable code and perform cross-site scripting, SQL injection, command injectio...

9.8CVSS5.9AI score0.00997EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/31 12:0 a.m.2 views

The Manipulate-And-Observe Attack on Quantum Key Distribution

Quantum key distribution is often regarded as an unconditionally secure method to exchange a secret key by harnessing fundamental aspects of quantum mechanics. Despite the robustness of key exchange, classical post-processing reveals vulnerabilities that an eavesdropper could target. In particula...

5.8AI score
Exploits0
CNVD
CNVD
added 2026/03/31 12:0 a.m.2 views

HCL Aftermarket DPC Access Control Error Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from an Access Control Error vulnerability that can be exploited by an attacker to elevate their privileges and compromise the application...

9.8CVSS5.9AI score0.00319EPSS
Exploits0
Rows per page
Query Builder