Lucene search
K

637 matches found

CVE
CVE
added 2026/07/08 12:30 p.m.15 views

CVE-2026-14454

Imager for Perl prior to 1.033 mishandles unsigned EXIF IFD entry counts by treating them as signed, potentially causing an attempt to allocate a block near the address space and terminating a worker process. This can be triggered by crafting an image with crafted EXIF data. The published fix is ...

9.8CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/06 7:55 p.m.6 views

EUVD-2026-25017

kill: 'kill -1' parsed as PID -1, sending SIGTERM to all processes system crash / DoS...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/29 2:23 p.m.10 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 9:54 p.m.15 views

EUVD-2026-31689

Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References5
NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 10:7 a.m.6 views

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:20 p.m.12 views

Interpretation Conflict

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Interpretation Conflict through the parseoptionsheader function. An attacker can bypass field name or filename-based access controls, or manipulate file upload destinations ...

6.3CVSS5.4AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:19 p.m.10 views

Interpretation Conflict

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results between differen...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 5:19 p.m.9 views

Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 5:19 p.m.15 views

GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.5AI score0.00107EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sendin...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/07 12:0 a.m.20 views

Data Agents under Attack: Vulnerabilities in LLM-Driven Analytical Systems

Data agents integrate LLM-driven reasoning with relational data access, executable analytical tools, and multi-step workflow orchestration, making them increasingly central to enterprise analytics. This integration introduces new security vulnerabilities across data resources, database execution,...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

9.1CVSS5.6AI score0.00406EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 4:22 p.m.8 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the pngpushreadchunk function in the push-mode APNG parser. An attacker can inject chunked data with a malicious PNG file containing attacker-controlled bytes in an ignored ancillary chunk, which are then...

5.4CVSS5.5AI score0.00202EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:1 p.m.14 views

Security Bulletin: node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by bypass downstream cryptographic verifications and security decisions.

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-12816, CVE-2025-66030, CVE-2025-66031 . Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticat...

8.7CVSS7.2AI score0.00705EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44985

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-prov data is stored as nni quic conn during dialing, but read as ex quic conn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

4.5CVSS5.8AI score0.00096EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 9:13 p.m.12 views

CVE-2025-71304

A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 9:9 p.m.14 views

CVE-2026-46175

A flaw was found in the Linux kernel's f2fs filesystem. During Foreground Garbage Collection FGGC of node blocks, the system fails to properly clear internal metadata marks. This can lead to filesystem inconsistencies, where the fsck utility may misinterpret the state of migrated data. A local us...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References4
Rows per page
Query Builder