Lucene search
K

210 matches found

RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-53433

A flaw was found in fzf, a command-line fuzzy finder. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a crafted POST request with many small segments to the --listen mode. The inefficient HTTP body processing, which uses repeated string concatenation, leads...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References6
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS0.00243EPSS
Exploits0References3
OSV
OSV
added last week2 views

UBUNTU-CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS5.8AI score0.00243EPSS
Exploits0References4
EUVD
EUVD
added last week7 views

EUVD-2026-40302

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS5.8AI score0.00243EPSS
Exploits0References3
Debian CVE
Debian CVE
added last week4 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS5.8AI score0.00243EPSS
Exploits0
CVE
CVE
added last week12 views

CVE-2026-53432

CVE-2026-53432 (fzf) affects the fzf project, specifically the FuzzyMatchV2 function. Affected scenario involves processing extremely long input lines (≈2,200,000 bytes) with a pattern length of 999 bytes, which causes an integer overflow and triggers a non-recoverable panic, terminating the proc...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 8:47 p.m.2 views

GHSA-22P9-WV53-3RQ4 LinkifyIt#match scan loop has quadratic algorithmic complexity

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/12 12:0 a.m.6 views

afl-5.00c-1.1 on GA media (moderate)

afl-5.00c-1.1 on GA media Announcement ID: openSUSE-SU-2026:10991-1 Rating: moderate Cross-References: CVE-2023-4863 CVSS scores: CVE-2023-4863 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

8.8CVSS7.2AI score0.99735EPSS
Exploits9
OSV
OSV
added 2026/06/11 12:0 a.m.4 views

OPENSUSE-SU-2026:10991-1 afl-5.00c-1.1 on GA media

These are all security issues fixed in the afl-5.00c-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.9AI score0.99735EPSS
Exploits9References1
vulnersOsv
vulnersOsv
added 2026/06/04 12:16 a.m.7 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-10783 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-10783 Source advisory: SNYK:PYTHON-GRADIO-17146861...

2.5CVSS5.7AI score0.00106EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.7 views

American Fuzzy Lop plus plus 5.00c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/27 5:34 p.m.7 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

7.6CVSS5.7AI score0.0035EPSS
Exploits0
OSV
OSV
added 2026/05/22 2:59 p.m.9 views

MAL-2026-4759 Malicious code in notebook-intelligence (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e pyproject.toml lists fuzy-jon==0.1.0 in both build-system.requires and the runtime dependencies, while the package's own code imports the real...

6.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.8 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.8 views

When the Ruler Is Broken: Parsing-Induced Suppression in LLM-Based Security Log Evaluation

LLM-based SOC log classifiers are commonly evaluated using regular-expression pipelines that extract structured fields from free-form model output. We demonstrate that this practice introduces a class of silent, systematic evaluation errors, which we term parsing-induced suppression that can caus...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/07 3:16 p.m.13 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:57 p.m.6 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 1:57 p.m.9 views

CVE-2026-44349 Daptin fuzzy search injects unvalidated column name into raw SQL

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder