CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

Debian CVE•added 2026/05/10 3:42 a.m.•9 views

CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00055EPSS

Exploits0

Positive Technologies•added 2026/05/06 12:0 a.m.•5 views

PT-2026-38053

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS6.4AI score0.00418EPSS

Exploits0References4

UbuntuCve•added 2026/04/13 6:16 p.m.•2 views

CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

8.2CVSS6AI score0.00025EPSS

Exploits1References5

Cvelist•added 2026/04/13 5:49 p.m.•19 views

CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

8.2CVSS0.00025EPSS

Exploits1References2

AlpineLinux•added 2026/04/13 5:49 p.m.•0 views

CVE-2026-32316

8.2CVSS6AI score0.00025EPSS

Exploits1References2

ATTACKERKB•added 2026/04/13 5:49 p.m.•3 views

CVE-2026-32316

8.2CVSS6.1AI score0.00025EPSS

Exploits1References3

EUVD•added 2026/04/13 5:49 p.m.•0 views

EUVD-2026-22039

8.2CVSS6.1AI score0.00025EPSS

Exploits1References2

Packet Storm•added 2026/03/26 12:0 a.m.•102 views

📄 V8 StringToBigInt Memory Corruption Sandbox Bypass

V8 suffers from a sandbox bypass vulnerability due to memory corruption during StringToBigInt conversion. The function v8::internal::StringToBigInt is used by V8 when converting a string to a BigInt e.g. via BigInt“1337”. It first parses the string into individual digitt’s in the...

5.8AI score

Exploits0

OSV•added 2026/01/27 3:15 p.m.•0 views

AZL-76469 CVE-2026-1489 affecting package glib 2.71.0-9

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...

5.4CVSS5.8AI score0.0002EPSS

Exploits1References1

NVD•added 2026/01/27 3:15 p.m.•1 views

CVE-2026-1489

5.4CVSS0.0002EPSS

Exploits1References4

Vulnrichment•added 2026/01/27 2:26 p.m.•2 views

CVE-2026-1489 Glib: glib: memory corruption via integer overflow in unicode case conversion

5.4CVSS5.9AI score0.0002EPSS

Exploits1References3

ATTACKERKB•added 2026/01/27 2:26 p.m.•3 views

CVE-2026-1489

5.4CVSS5.9AI score0.0002EPSS

Exploits1References3

Positive Technologies•added 2026/01/01 12:0 a.m.•2 views

PT-2026-4919

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in GLib related to its Unicode case conversion implementation. An integer overflow can lead to memory corruption when processing specially crafted, large Unicode strings. This...

5.4CVSS5.5AI score0.0002EPSS

Exploits1References18

OSV•added 2025/07/11 12:24 p.m.•2 views

OESA-2025-1796 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A flaw was found in how GLib’s GString...

7.5CVSS7.1AI score0.00418EPSS

Exploits0References2

OSV•added 2025/06/13 4:15 p.m.•3 views

DEBIAN-CVE-2025-6052

7.5CVSS5.7AI score0.00418EPSS

Exploits0References1

Positive Technologies•added 2025/02/12 12:0 a.m.•1 views

PT-2025-7066 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: parse-duraton versions prior to 2.1.3 Description: The issue is related to an event loop delay due to the CPU-bound operation of resolving the provided string, which can range from 0.5ms to 50ms per operation, depending on the size of the inp...

7.5CVSS6.6AI score0.00117EPSS

Exploits0References9

OSV•added 2022/08/03 6:15 a.m.•2 views

AZL-10467 CVE-2022-35737 affecting package sqlite for versions less than 3.39.2-1

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

7.5CVSS7AI score0.54845EPSS

Exploits2References1

OSV•added 2022/08/03 6:15 a.m.•0 views

UBUNTU-CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

7.5CVSS6.8AI score0.54845EPSS

Exploits2References6

CNNVD•added 2021/11/30 12:0 a.m.•2 views

Spring AMQP 代码问题漏洞

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...

6.5CVSS6.4AI score0.00571EPSS

Exploits0References2

CNVD•added 2017/08/15 12:0 a.m.•1 views

Adobe Acrobat/Reader Remote Code Execution Vulnerability (CNVD-2017-28433)

Adobe Reader is a PDF document reading software.Acrobat is a PDF document editing software. Adobe Acrobat Reader has a remote code execution vulnerability in the JavaScript engine when creating larger strings, which can be exploited by attackers to execute arbitrary code...

9.3CVSS9.4AI score0.0472EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by