CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

857 matches found

Hacker One•added 2025/11/15 10:45 p.m.•14 views

curl: Incorrect sizeof() in Rustls Backend Memory Allocation

Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...

7.3AI score

Exploits0

Tenable Nessus•added 2025/11/13 12:0 a.m.•3 views

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this...

6.5CVSS6.7AI score0.01703EPSS

Exploits1References3

Tenable Nessus•added 2025/11/13 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-29087)

In SQLite, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the result buffer, and thus malloc may...

7.5CVSS6.7AI score0.0042EPSS

Exploits0References5

Amazon•added 2025/10/27 12:0 a.m.•4 views

Medium: glibc

Issue Overview: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffe...

5.9CVSS7.8AI score0.00158EPSS

Exploits0

OSV•added 2025/10/19 7:8 p.m.•4 views

JLSEC-2025-121 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks chec...

An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointer dereference, impacting availability...

7.5CVSS7AI score0.0142EPSS

Exploits0References5

OSV•added 2025/10/10 1:22 p.m.•2 views

JLSEC-2025-12 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of ser...

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read because of mishandling of an unexpected malloc0 call...

7.5CVSS6.8AI score0.03463EPSS

Exploits1References4