Lucene search
K

45 matches found

Nuclei
Nuclei
added yesterday6 views

vLLM <= 0.23.0 - Anthropic Router Heap Address Information Leak

vLLM = 0.23.0 incompletely fixes CVE-2026-22778. The original fix added sanitizemessage to the OpenAI router but the Anthropic-compatible router /v1/messages echoes strexc directly. id: CVE-2026-54236 info: name: vLLM = 0.23.0 - Anthropic Router Heap Address Information Leak author: kenlacroix...

9.8CVSS6.8AI score0.03816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-48104

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

3.6CVSS5.5AI score0.00179EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/05 5:13 p.m.12 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the SquashFS archive handler due to uninitialized memory in the blockToNode array. An attacker can cause denial of service or potentially disclose heap information by providing a crafted SquashFS image...

4.2CVSS5.5AI score0.00179EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.6 views

7-Zip 安全漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions 9.18 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from sparse filling of index arrays in the SquashFS archive processor, which allows for uninitialized heap reads, potentially leading to...

4.2CVSS5.3AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2026/05/01 1:32 p.m.8 views

CLSA-2026-1777642326 ImageMagick: Fix of CVE-2026-24481

CVE-2026-24481: heap information disclosure in PSD format handler via uninitialized memory in ZIP-compressed layer data...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 3:16 p.m.4 views

UBUNTU-CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

5.1CVSS6AI score0.00195EPSS
Exploits1References4
OSV
OSV
added 2026/03/16 1:37 p.m.9 views

CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...

7.5CVSS7.2AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 2:44 p.m.7 views

CLSA-2026-1773413074 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory disclosure - CVE-2026-24481...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 2:32 p.m.7 views

CLSA-2026-1773412353 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory leak - CVE-2026-24481...

7.5CVSS7.3AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/03/09 3:34 p.m.5 views

SUSE-SU-2026:0853-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

9.8CVSS5.8AI score0.00671EPSS
Exploits0References55
OSV
OSV
added 2026/03/09 3:32 p.m.2 views

SUSE-SU-2026:0851-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression bsc1258743. - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-24485: denial of service via...

9.8CVSS6AI score0.00671EPSS
Exploits0References67
OSV
OSV
added 2026/03/04 5:32 p.m.9 views

CLSA-2026-1772452097 ImageMagick: Fix of 9 CVEs

CVE-2026-25798: fix NULL pointer dereference in ClonePixelCacheRepository - CVE-2026-24481: fix heap information disclosure in PSD handler - CVE-2026-25799: fix division-by-zero in YUV sampling factor validation - CVE-2026-26284: fix out-of-bounds read in PCD Huffman decoder - CVE-2026-25897: fix...

9.8CVSS6.8AI score0.00429EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 3:11 p.m.3 views

SUSE-SU-2026:0690-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources bsc1258120. - CVE-2026-2443: out-of-bounds read when processing specially...

9.1CVSS7.3AI score0.00821EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/02/24 3:27 p.m.110 views

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description A heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the...

7.5CVSS5.3AI score0.00348EPSS
Exploits0References5Affected Software17
Microsoft CVE
Microsoft CVE
added 2026/02/21 12:27 p.m.5 views

Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

...

5.3CVSS7.1AI score0.0043EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004414 advisory. A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description...

6.5CVSS6.3AI score0.01827EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000483 advisory. A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description...

6.5CVSS6.3AI score0.01827EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2014-3591

Malware in sbrugna...

5.8CVSS7.8AI score0.02751EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5267

Malware in sbrugna...

5.5CVSS5.6AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-18808

Malware in sbrugna...

4.9CVSS6AI score0.00689EPSS
Exploits0References2
Rows per page
Query Builder