Lucene search
K

5623 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-48604

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.1 Description The uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit offset + unit size. An integer wrap during this addition allows a crafted HEIF file to bypass range checks an...

6.5CVSS5.9AI score0.00199EPSS
Exploits0References68
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-48609

This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...

8.8CVSS6.5AI score0.00514EPSS
Exploits6References51
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2026-2203)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...

7.5CVSS7.5AI score0.01069EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : gdk-pixbuf2 (EulerOS-SA-2026-2241)

According to the versions of the gdk-pixbuf2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper...

7.5CVSS7.5AI score0.01069EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/08 11:25 a.m.8 views

CVE-2026-10231

A flaw was found in Assimp, a library for importing various 3D model formats. A local attacker could exploit a heap-based buffer overflow vulnerability in the Half-Life 1 MDL Loader component. By manipulating a specific argument, an attacker could cause the application to crash, leading to a deni...

5.3CVSS5.7AI score0.00124EPSS
Exploits0References10
Malwarebytes
Malwarebytes
added 2026/06/08 10:53 a.m.33 views

Pirated PC games are delivering password-stealing malware

A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Researchers estimate that more than 400,000 devices worldwide have been infected, with around 30,000 users in the US. The infection method ...

5.7AI score
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Medium: python3.12

Issue Overview: The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. CVE-2026-2297...

6.1CVSS5.4AI score0.00229EPSS
Exploits1
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.14 views

VulnCheck KEV: CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS6.8AI score0.01001EPSS
In wildExploits3References3
RedhatCVE
RedhatCVE
added 2026/06/07 5:17 a.m.8 views

CVE-2026-11240

An insufficient validation of untrusted input flaw was found in the Loader component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497030032...

4.3CVSS5.4AI score0.00186EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.6 views

SUSE CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

3.1CVSS5.4AI score0.00186EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/06 8:49 p.m.117 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exp...

10CVSS6.4AI score0.93286EPSS
Exploits24
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34302

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Loader. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the...

5.5CVSS7.3AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS5.5AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.6AI score0.00335EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-11240 Insufficient validation of untrusted input in Loader

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

3.1CVSS5.4AI score0.00186EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 12:31 a.m.9 views

EUVD-2026-34701

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00186EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 12:17 a.m.7 views

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

3.1CVSS0.00186EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:17 a.m.7 views

DEBIAN-CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

3.1CVSS5.4AI score0.00186EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process ...

3.1CVSS5.4AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

5.4AI score0.00186EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder