Lucene search
K

371 matches found

Cvelist
Cvelist
added yesterday20 views

CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53173

Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 4:14 p.m.12 views

CVE-2026-56117

CVE-2026-56117: dhcpcd up to version 10.3.2 contains a local heap use-after-free in the control socket handling (src/control.c). The root cause is that control_recvdata() can free the client object while a subsequent READ+HANGUP event reaches control_hangup() with a stale pointer, enabling memory...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2409-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2409-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in openimageio

A read vulnerability exists in the handling of IPTC data when parsing TIFF images in OpenImageIO v2.3.19.0. A specially crafted TIFF file can cause a read of adjacent heap memory, potentially exposing sensitive process information. An attacker can provide a malicious file to exploit this...

9.1CVSS8AI score0.01458EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/16 12:46 p.m.11 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.8AI score0.02719EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 4:21 p.m.6 views

EUVD-2026-36735

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.3AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2025-210135

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76...

7.8CVSS5.6AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.8 views

EUVD-2025-210122

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

7.8CVSS5.6AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2025-210127

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

7.8CVSS5.6AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-49048

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.76 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 3:48 p.m.23 views

CVE-2026-48103

7-Zip versions 9.34–26.00 contain an off-by-one heap out-of-bounds read in the WIM archive handler (WIM security descriptor lookup). In WimHandler.GetSecurity, the per-image SecurOffsets table holds numEntries+1 offsets, and securityId == numEntries is allowed, causing reads at SecurOffsets[secur...

7.1CVSS5.5AI score0.00225EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44983

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The RDPEAR NDR parser in FreeRDP accepts a single non-null NDR pointer ref-id for multiple logical pointer fields without tracking the expected NDR type or ownership of the pointed object. If the sa...

8.8CVSS5.8AI score0.00384EPSS
Exploits1References36
SUSE CVE
SUSE CVE
added 2026/05/27 2:48 a.m.11 views

SUSE CVE-2026-41401

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

8.1CVSS5.9AI score0.00519EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1714 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of ra...

9.2CVSS7AI score0.61469EPSS
Exploits41References14
Microsoft CVE
Microsoft CVE
added 2026/05/23 8:1 a.m.17 views

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

...

9.8CVSS5.8AI score0.01844EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 1:10 p.m.10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.3CVSS5.9AI score0.00092EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 1:9 p.m.9 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 1:9 p.m.42 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS0.01844EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в nasm

In Netwide Assembler NASM 2.15rc10, there is a memory corruption issue related to heap use-after-free in the saawbytes function in nasmlib/saa.c...

5.5CVSS6AI score0.00778EPSS
Exploits1References1
Rows per page
Query Builder