Lucene search
+L

13716 matches found

NVD
NVD
added 2026/07/08 6:16 p.m.17 views

CVE-2026-59937

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

7.5CVSS0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 6:16 p.m.9 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 6:16 p.m.4 views

UBUNTU-CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS6.1AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 5:25 p.m.35 views

CVE-2026-59937 pypdf: Possible long runtimes for repeated malformed cross-reference entries

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

6.9CVSS0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 5:25 p.m.11 views

CVE-2026-59937

CVE-2026-59937 affects the Python PDF library pypdf prior to 6.14.0. A crafted PDF with repeated malformed cross-reference streams can cause pypdf to spend long runtimes recovering broken cross-reference table entries, resulting in high impact on availability. The issue is fixed in version 6.14.0...

7.5CVSS6AI score0.00345EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/08 5:24 p.m.11 views

CVE-2026-59938

CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...

6.9CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/08 5:17 p.m.3 views

DEBIAN-CVE-2026-59882

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6.1AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 5:17 p.m.3 views

DEBIAN-CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS6.1AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 5:17 p.m.8 views

CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00446EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 4:14 p.m.12 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score0.00446EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 4:3 p.m.33 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 4:3 p.m.4 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6.1AI score0.00436EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 4:3 p.m.12 views

CVE-2026-59892

Summary: OpenTelemetry JavaScript’s JaegerPropagator (via @opentelemetry/propagator-jaeger) decodes uber-trace-id and uberctx-* headers with decodeURIComponent() without handling decode errors prior to 2.9.0, enabling an unauthenticated attacker to send a malformed percent-encoded value that resu...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.7 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/08 2:20 p.m.6 views

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

6.8CVSS6.1AI score0.0016EPSS
Exploits1References6
NVD
NVD
added 2026/07/08 9:16 a.m.8 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 7:36 a.m.16 views

CVE-2026-57255

CVE-2026-57255 affects Foxit PDF Editor/Reader. A PDF with an abnormal color space contains attributes referencing a semantically malformed function; the function’s output isn’t validated, leading to an illegal pointer read that accesses an out-of-bounds region and crashes the application. The de...

6.1CVSS6AI score0.00107EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/07/08 7:36 a.m.7 views

EUVD-2026-42198

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.9 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/07/08 7:36 a.m.37 views

CVE-2026-57255 Security vulnerability in Foxit PDF Editor/Reader — OOB Read via NaN-Bypass Clamp

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
Rows per page
Query Builder