Lucene search
+L

111432 matches found

nuclei
nuclei
added 10 hours ago7 views

vLLM <= 0.23.0 - Anthropic Router Heap Address Information Leak

vLLM = 0.23.0 incompletely fixes CVE-2026-22778. The original fix added sanitizemessage to the OpenAI router but the Anthropic-compatible router /v1/messages echoes strexc directly. id: CVE-2026-54236 info: name: vLLM = 0.23.0 - Anthropic Router Heap Address Information Leak author: kenlacroix...

9.8CVSS6.7AI score0.03816EPSS
Exploits1References2
nuclei
nuclei
added 10 hours ago13 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
redhatcve
redhatcve
added 11 hours ago8 views

CVE-2026-59198

A flaw was found in Pillow, a Python imaging library. When saving a mode 1 image with TGA RLE compression, the TGA RLE encoder reads beyond its allocated memory buffer. This out-of-bounds read allows adjacent process heap memory to be copied into the generated TGA file, potentially leading to...

7.5CVSS6AI score0.00313EPSS
Exploits1References7
osv
osv
added 19 hours ago2 views

MGASA-2026-0256 Updated poppler packages fix a security vulnerability

The updated packages fix a security vulnerability: Integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication. CVE-2026-10118...

7.8CVSS7AI score0.00252EPSS
Exploits0References5
euvd
euvd
added 19 hours ago6 views

EUVD-2026-44851

A heap overflow in the evalcommand function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score
Exploits0References3
euvd
euvd
added 19 hours ago3 views

EUVD-2026-44850

A heap overflow in the ifsbreakup function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score
Exploits0References3
nvd
nvd
added yesterday6 views

CVE-2026-38754

A heap overflow in the ifsbreakup function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS
Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2026-38755

A heap overflow in the evalcommand function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS
Exploits0References2
nvd
nvd
added yesterday4 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References1
cve
cve
added yesterday8 views

CVE-2026-50144

ncnn (mobile-optimized neural network framework) contains an out-of-bounds heap write in ParamDict::load_param() when loading a malicious .param model, caused by a negative parameter id indexing before params[NCNN_MAX_PARAM_COUNT]. This is exploitable via Net::load_param() and is fixed by commit ...

7.1CVSS6.1AI score0.00018EPSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44784

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS6.1AI score
Exploits0References1
attackerkb
attackerkb
added yesterday2 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday11 views

CVE-2026-40953

CVE-2026-40953: heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Local access with administrator permissions can cause a denial of service on the client. Affected software is Secure Access clients (versions before 14.55); root cause is a heap overflow in ...

6.7CVSS6.1AI score
Exploits0References1Affected Software1
cvelist
cvelist
added yesterday31 views

CVE-2026-40953 Heap overflow in Secure Access clients

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44729

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score
Exploits0References4
ibm
ibm
added yesterday13 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a...

7.5CVSS6.1AI score0.00177EPSS
Exploits0Affected Software1
nvd
nvd
added yesterday5 views

CVE-2026-60065

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
nvd
nvd
added yesterday7 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
nvd
nvd
added yesterday7 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS
Exploits0References1
osv
osv
added yesterday3 views

JLSEC-2026-759

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field...

7.5CVSS6.1AI score0.01703EPSS
Exploits0References13
Rows per page
Query Builder