CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•27 views

CVE-2026-56210 Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

7.1CVSS

RedhatCVE•added 5 days ago•6 views

CVE-2026-12087

A flaw was found in the perl-Socket component. The packipmreqsource function, which handles network socket operations, contains an out-of-bounds heap read vulnerability. An attacker providing a specially crafted input can cause the system to read beyond the intended memory buffer, potentially...

9.1CVSS4.9AI score0.00394EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-37009

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

5.2AI score0.00394EPSS

Tenable Nessus•added 5 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argume...

9.1CVSS5.5AI score0.00394EPSS

OSV•added 6 days ago•5 views

DEBIAN-CVE-2026-12087

9.1CVSS5.3AI score0.00394EPSS

Cvelist•added 6 days ago•28 views

CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read

0.00394EPSS

Exploits0References2

CVE•added 6 days ago•33 views

CVE-2026-12087

Summary: CVE-2026-12087 affects Perl’s Socket module prior to 2.041. The vulnerability is an out-of-bounds heap read in pack_ip_mreq_source(), where a length check is performed before reading, but a short source (<4 bytes) is copied into a fixed 4-byte field, causing the copy to read up to 3 b...

9.1CVSS5.3AI score0.00394EPSS

Exploits0References3

Debian CVE•added 6 days ago•14 views

CVE-2026-12087

9.1CVSS5.3AI score0.00394EPSS

Exploits0

Tenable Nessus•added 6 days ago•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an...

5CVSS5.3AI score0.00261EPSS

Positive Technologies•added 6 days ago•7 views

PT-2026-49527

Name of the Vulnerable Software and Affected Versions Socket versions prior to 2.041 Description An out-of-bounds heap read exists in the pack ip mreq source function. The issue occurs because the function validates the length of the source argument using the byte length of the preceding multiadd...

9.1CVSS5.1AI score0.00394EPSS

OSV•added 6 days ago•2 views

UBUNTU-CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap m...

7.5CVSS5.2AI score0.00472EPSS

EUVD•added last week•8 views

EUVD-2026-36663

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS5.6AI score0.00407EPSS

CVE•added last week•17 views

CVE-2026-54412

CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...

8.8CVSS5.6AI score0.00407EPSS

Positive Technologies•added 2026/06/14 12:0 a.m.•10 views

PT-2026-49135

Name of the Vulnerable Software and Affected Versions LiamBindle MQTT-C versions prior to 1.1.7 Description A heap-based out-of-bounds read and integer underflow exist in the mqtt unpack publish response function within src/mqtt.c. A remote unauthenticated attacker who controls an MQTT broker or...

8.8CVSS5.5AI score0.00407EPSS

Exploits0References8

SUSE CVE•added 2026/06/13 2:21 a.m.•4 views

SUSE CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...

3.7CVSS5.6AI score0.00513EPSS

Exploits0References15

Vulnrichment•added 2026/06/12 10:13 p.m.•5 views

CVE-2025-7017 Avira antivirus engine heap buffer OOB read when scanning a malformed Windows MSI file

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.7AI score0.00131EPSS

CVE•added 2026/06/12 5:6 p.m.•9 views

CVE-2026-47223

NanaZip (derivative of 7‑Zip) is affected from 3.0.1000.0 up to before 6.0.1698.0. The vulnerability is a heap out‑of‑bounds read in the AVB vbmeta image parser (AvbHandler) caused by a 32‑bit unsigned overflow in the bounds check (pos + ht.salt_len > descSize) that lets an attacker‑controlled...

5.4CVSS5.4AI score0.0018EPSS

Cvelist•added 2026/06/12 4:56 p.m.•27 views

CVE-2026-47222 NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...

5.4CVSS0.00292EPSS