Lucene search
K

54403 matches found

Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.4 views

PT-2026-23916

A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif decoder.c. Such manipulation of the argument canvas height leads to integer overflow. Local access is required to approach this attack. The exploit is...

5.3CVSS5.8AI score0.00112EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.10 views

Crypt::Sodium::XS 安全漏洞

Crypt::Sodium::XS is a Perl encryption library for modern cryptography functions developed by IAMB’s individual developers. Versions of Crypt::Sodium::XS prior to 0.001000 contained security vulnerabilities, which were caused by integer overflows, potentially leading to buffer overflows or crashe...

7.5CVSS6AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.5 views

PT-2026-23906

Name of the Vulnerable Software and Affected Versions Crypt::Sodium::XS versions through 0.001000 Description The Crypt::Sodium::XS Perl module is susceptible to integer overflows in combined aead encryption, combined signature creation, and bin2hex functions. These functions do not verify that t...

7.5CVSS6.2AI score0.00287EPSS
Exploits0References12
OSV
OSV
added 2026/03/07 12:59 p.m.4 views

OPENSUSE-SU-2026:20332-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.159 boo1259213 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Integer overflow in Skia CVE-2026-3539: Object lifecycle issue in DevTools...

9.6CVSS6AI score0.00497EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.5 views

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS5.8AI score0.00467EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/03/07 5:23 a.m.2 views

Chromium: CVE-2026-3538 Integer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00497EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/07 5:22 a.m.5 views

Chromium: CVE-2026-3536 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00458EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.2 views

SUSE SLES16 Security Update : expat (SUSE-SU-2026:20627-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20627-1 advisory. - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference...

7.8CVSS7AI score0.00193EPSS
Exploits0References7
OSV
OSV
added 2026/03/06 12:43 p.m.4 views

OESA-2026-1530 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

7.5CVSS5.8AI score0.00402EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 12:43 p.m.6 views

OESA-2026-1529 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS5.8AI score0.015EPSS
Exploits0References5
OSV
OSV
added 2026/03/06 12:43 p.m.2 views

OESA-2026-1527 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS5.8AI score0.015EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/06 2:51 a.m.5 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS5.8AI score0.00467EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 2:51 a.m.10 views

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS6AI score0.00467EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/06 2:51 a.m.32 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS0.00467EPSS
Exploits1References2
CVE
CVE
added 2026/03/06 2:51 a.m.27 views

CVE-2026-28497

TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...

9.3CVSS6AI score0.00467EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/06 2:51 a.m.8 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS5.9AI score0.00467EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.3 views

PT-2026-26457

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the parsing of PSD files due to insufficient validation of user-supplied data, leading to an integer overflow before buffer allocation. This can allow a remote attacker to execu...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References56
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-26461

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists within the parsing of XPM files due to a lack of proper validation of user-supplied data, resulting in an integer overflow before buffer allocation. This can allow a remote attacke...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References61
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.5 views

GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of palette...

7.8CVSS6.2AI score0.00867EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/06 12:0 a.m.5 views

Google Android elevation of privilege vulnerability (CNVD-2026-19056)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write due to an integer overflow in multiple functions of memprotect.c. The vulnerability is caused by an integer overflow in th...

8.4CVSS6.1AI score0.00152EPSS
Exploits0
Rows per page
Query Builder