Lucene search
K

800 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in qtdeclarative-opensource-src

Unlimited or throttled resource allocation, improper validation of the specified quantity in input parameters, and vulnerabilities in The Qt Company’s Qt framework on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64-bit, and 32-bit platforms can lead to excessive resource allocation. This issue...

8.7CVSS5.8AI score0.00273EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...

5.5CVSS6.2AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 1:25 a.m.20 views

CVE-2026-6400

The CVE-2026-6400 entry concerns the WordPress plugin “Child Height Predictor by Ostheimer” (versions

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.40 views

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS0.00163EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31038

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.18 views

CVE-2026-6400

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42064

Name of the Vulnerable Software and Affected Versions Child Height Predictor by Ostheimer versions prior to 1.4 Description The plugin is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a user into performing actions they did not intend to. This occurs because the...

4.3CVSS5.7AI score0.00163EPSS
Exploits0References8
OSV
OSV
added 2026/05/19 8:16 p.m.9 views

DEBIAN-CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/19 12:4 p.m.10 views

WordPress Child Height Predictor by Ostheimer plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Child Height Predictor by Ostheimer versions = 1.3...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/14 8:17 p.m.13 views

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS0.00104EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.12 views

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 8:1 p.m.42 views

CVE-2026-44636 libsixel: integer overflow in encoder

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.4CVSS0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 8:1 p.m.9 views

EUVD-2026-30409

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.4CVSS6.3AI score0.00104EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/14 8:1 p.m.7 views

CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS6.3AI score0.00104EPSS
Exploits0
CVE
CVE
added 2026/05/14 8:1 p.m.30 views

CVE-2026-44636

CVE-2026-44636 affects libsixel (SIXEL encoder/decoder). A signed integer overflow in sixel_encode_highcolor’s allocation size calculation (widthheight) can cause a heap buffer overflow when encoding very large pixel buffers; callers may trigger allocation wrapping if width height &gt; INT_MAX. T...

7.8CVSS6.3AI score0.00104EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/14 4:36 p.m.4 views

GHSA-CCFX-MFMX-2FX9 Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

4.7CVSS6AI score0.00228EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/14 4:36 p.m.12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.12 views

Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

6.1CVSS6AI score0.00228EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41147

Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...

4.7CVSS5.9AI score0.00228EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017435 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a malicious server might trigger out of...

8.8CVSS5.7AI score0.01553EPSS
Exploits0References4
Rows per page
Query Builder