
47674 matches found

Debian CVE
added 2026/02/24 1:33 p.m. | 4 views

CVE-2026-2783

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 7.5 | AI score 5.2 | EPSS 0.00285
Exploits: 0

AlpineLinux
added 2026/02/24 1:33 p.m. | 4 views

CVE-2026-2766

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 5

CVE
added 2026/02/24 1:33 p.m. | 17 views

CVE-2026-2764

CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. Affected products include Firefox/Firefox ESR (pre-148 and ESR

CVSS 9.8 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 34 | Affected Software: 2

SUSE Linux
added 2026/02/24 11:17 a.m. | 5 views

Security update for gimp

This update for gimp fixes the following issues: CVE-2026-2272: integer overflow in ICO file handling can lead to a heap buffer overflow (bsc#1258000). CVE-2026-2271: integer overflow in the PSP file parser can lead to a heap buffer overflow (bsc#1257999). CVE-2026-2239: missing null terminator when...

CVSS 8.5 | AI score 5.8 | EPSS 0.00838
Exploits: 3 | References: 12

ATTACKERKB
added 2026/02/24 9:19 a.m. | 7 views

CVE-2026-27163

This CVE was assigned in error...

AI score 5.3
Exploits: 0 | References: 1

CVE
added 2026/02/24 8:51 a.m. | 11 views

CVE-2024-1524

CVE-2024-1524 describes a risk when a federated IDP uses Silent Just-In-Time provisioning: if preconditions are met, a malicious actor could cause a targeted local user account to be linked to a federated IDP user they control, potentially replacing information in the local user store. The CVE is...

CVSS 8.1 | AI score 5.3 | EPSS 0.00261
Exploits: 0 | References: 1 | Affected Software: 2

EUVD
added 2026/02/24 8:51 a.m. | 7 views

EUVD-2024-17272

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 7.7 | AI score 5.3 | EPSS 0.00261
Exploits: 0 | References: 1

ICS
added 2026/02/24 6:0 a.m. | 6 views

Gardyn Home Kit (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment. 2. RECOMMENDED...

AI score 7.7
Exploits: 0 | References: 11

ATTACKERKB
added 2026/02/24 2:45 a.m. | 5 views

CVE-2026-27129

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the...

CVSS 7.1 | AI score 5.3 | EPSS 0.00427
Exploits: 2 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/02/24 2:39 a.m. | 5 views

CVE-2026-27127

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebindi...

CVSS 7 | AI score 5.5 | EPSS 0.00446
Exploits: 2 | References: 4 | Affected Software: 1

Snyk
added 2026/02/24 2:1 a.m. | 2 views

Expired Pointer Dereference

Overview: Affected versions of this package are vulnerable to Expired Pointer Dereference in the MSL interpreter. An attacker can cause the application to crash by submitting an image file containing a malicious MSL element. Remediation: A fix was pushed into the master branch but not yet published...

CVSS 6.9 | AI score 5.6 | EPSS 0.0045
Exploits: 0 | References: 2

Snyk
added 2026/02/24 1:52 a.m. | 6 views

Infinite loop

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 7.5 | AI score 6 | EPSS 0.00327
Exploits: 0 | References: 2

EUVD
added 2026/02/24 12:34 a.m. | 2 views

EUVD-2026-7456

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage function becomes trapped in an infinite loop while searching for the Sync marker, causing...

CVSS 7.5 | AI score 5.3 | EPSS 0.00449
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/24 12:0 a.m. | 8 views

PT-2026-21758

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVSS 8.7 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 4

OSV
added 2026/02/23 11:16 p.m. | 3 views

DEBIAN-CVE-2026-3062

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS 9.8 | AI score 8.2 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2026/02/23 6:23 p.m. | 4 views

GO-2026-4519 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom...

CVSS 4.3 | AI score 5.6 | EPSS 0.00152
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/23 1:31 p.m. | 5 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the `safe_join` function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

CVSS 6.3 | AI score 5.2 | EPSS 0.00556
Exploits: 1 | References: 1

RedHat Linux
added 2026/02/23 1:25 p.m. | 3 views

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 5

Packet Storm News
added 2026/02/23 12:0 a.m. | 4 views

An Explainable Memory Forensics Approach for Malware Analysis

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...

AI score 6
Exploits: 0

RedhatCVE
added 2026/02/22 7:24 a.m. | 5 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.5 | EPSS 0.0028
Exploits: 0 | References: 1