72898 matches found

Vulnrichment
added 2026/03/18 6:50 p.m., 5 views

CVE-2026-31965 HTSlib CRAM reader has out-of-bounds reads due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram_decode_slice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...

6.9 CVSS, 5.7 AI score, 0.00373 EPSS
Exploits 0, References 2
Cvelist
added 2026/03/18 6:22 p.m., 20 views

CVE-2026-31963 HTSlib CRAM reader has heap buffer overflow due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

8.8 CVSS, 0.00348 EPSS
Exploits 0, References 2
OSV
added 2026/03/18 6:22 p.m., 4 views

CVE-2026-31963 HTSlib CRAM reader has heap buffer overflow due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...

8.8 CVSS, 6.3 AI score, 0.00348 EPSS
Exploits 0, References 4
OSV
added 2026/03/18 6:8 p.m., 5 views

CVE-2026-31962 HTSlib CRAM reader has heap buffer overflow due to improper validation of input

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit this data in certain cases to save space. Due to...

8.8 CVSS, 6.2 AI score, 0.00361 EPSS
Exploits 0, References 4
Github Security Blog
added 2026/03/18 4:34 p.m., 5 views

OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

The fix for GHSA-p5g2-jm85-8g35 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...

8.1 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits 0, References 3, Affected Software 1
SUSE Linux
added 2026/03/18 9:15 a.m., 11 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comman...

6.5 CVSS, 7.5 AI score, 0.00494 EPSS
Exploits 0, References 4
OSV
added 2026/03/18 9:15 a.m., 4 views

SUSE-SU-2026:0922-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385)...

6.5 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits 0, References 3
OSV
added 2026/03/18 8:55 a.m., 5 views

BIT-PYTHON-MIN-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

7.5 CVSS, 5.8 AI score, 0.00419 EPSS
Exploits 0, References 7
EUVD
added 2026/03/18 12:30 a.m., 3 views

EUVD-2026-12663

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.4 CVSS, 5.8 AI score, 0.00354 EPSS
Exploits 2, References 2
CNNVD
added 2026/03/18 12:0 a.m., 11 views

Openapi to Java Records Mustache Templates input validation error vulnerability

Openapi to Java Records Mustache Templates is a record-generation tool developed by Christopher Molin. Versions of Openapi to Java Records Mustache Templates prior to 5.5.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the possibility of the parent POM fi...

2.3 CVSS, 6 AI score, 0.00321 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/18 12:0 a.m., 5 views

HTSlib input validation error vulnerability

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the late validation of reference ID fields in the cram_decode_slice function, which could lead t...

8.2 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits 0, References 3
FreeBSD
added 2026/03/18 12:0 a.m., 10 views

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

8.8 CVSS, 6.2 AI score, 0.00415 EPSS
Exploits 1, References 1
CNNVD
added 2026/03/18 12:0 a.m., 7 views

HTSlib input validation error vulnerability

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of feature data sequences, which could lead to information leakage...

9.1 CVSS, 5.8 AI score, 0.00518 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/03/18 12:0 a.m., 8 views

PT-2026-26184

Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 1.4.2 Description: This issue is an Improper Input Validation leading to Denial of Service in free5GC NRF. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to...

8.7 CVSS, 5.9 AI score, 0.00674 EPSS
Exploits 1, References 11
CNNVD
added 2026/03/18 12:0 a.m., 5 views

HTSlib input validation error vulnerability

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of verification of the paired reference ID field in the cram_decode_slice function...

9.1 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/03/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...

5 CVSS, 5.9 AI score, 0.00187 EPSS
Exploits 0, References 2
Redos
added 2026/03/18 12:0 a.m., 6 views

ROS-20260318-73-0001

A vulnerability in the ModSecurity web application security module exists due to insufficient input validation during URL processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass WAF rules...

8.6 CVSS, 7.3 AI score, 0.00682 EPSS
Exploits 0
Positive Technologies
added 2026/03/18 12:0 a.m., 13 views

PT-2026-26207

Name of the Vulnerable Software and Affected Versions: gRPC-Go versions prior to 1.79.3 Description: gRPC-Go is vulnerable to an authorization bypass due to improper input validation of the HTTP/2 :path pseudo-header. The server incorrectly routes requests with missing leading slashes in the :pat...

9.8 CVSS, 5.9 AI score, 0.01557 EPSS
Exploits 1
NVD
added 2026/03/17 11:16 p.m., 6 views

CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

5.4 CVSS, 0.00354 EPSS
Exploits 2, References 7
OSV
added 2026/03/17 11:16 p.m., 5 views

DEBIAN-CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

5.4 CVSS, 5.8 AI score, 0.00354 EPSS
Exploits 2, References 1