Lucene search
+L

525 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-16118

CVE-2026-16118 : Affects the xdgmime component, specifically the heap-based overflow in _xdg_mime_magic_parse_magic_line() within xdgmimemagic.c. On little-endian systems, parsing a user-writable MIME magic file (e.g., $XDG_DATA_HOME/mime/magic) can trigger an out-of-bounds write of 2 bytes durin...

7.1CVSS5.6AI score0.00136EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago7 views

perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names

A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and...

7.5CVSS6AI score0.00629EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago6 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago6 views

kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...

5.5CVSS6.1AI score0.00131EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 9:16 a.m.9 views

CVE-2026-57260

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

4.8CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:38 a.m.3 views

CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6.1AI score0.00546EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This...

5.5CVSS6AI score0.00112EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 8:36 a.m.7 views

CVE-2026-53307

A flaw was found in the Linux kernel. The pinctrl: pinconf-generic subsystem does not properly validate the 'pinmux' property. An attacker could provide an empty 'pinmux' property, which would cause the system to crash due to invalid memory access. This could lead to a denial of service...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.7 views

SUSE CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.8AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.8AI score0.00112EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/26 7:41 p.m.10 views

EUVD-2026-39842

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:11 a.m.9 views

SUSE CVE-2026-53176

In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...

5.5CVSS6AI score0.00742EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/24 5:0 a.m.11 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.13 views

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3381 (ALAS-2026-3381)

The version of webkitgtk4 installed on the remote host is prior to 2.52.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3381 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7....

8.8CVSS6.8AI score0.00693EPSS
Exploits0References34
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:28 p.m.6 views

CVE-2026-56210

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS5.8AI score0.00245EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50871

Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A use-after-free issue exists in the RASC video decoder. The decode move function initializes a read pointer into a decompressed buffer; however, a subsequent reallocation of that buffer durin...

6.5CVSS6AI score0.00245EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:58 a.m.8 views

CVE-2026-50643

8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line...

5.1CVSS5.3AI score0.00138EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 8:58 a.m.22 views

CVE-2026-50643

The CVE-2026-50643 entry concerns the 8cc compiler. It describes an Out-of-Bounds Read caused by improper handling of #line directives and GNU linemarkers, where attacker-controlled filename and line-number metadata is used without validation when accessing source line arrays. This can lead to ou...

5.1CVSS5.3AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder