2337 matches found
CVE-2026-21057
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...
CVE-2026-21048
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21045
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21057
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...
CVE-2026-21057
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...
CVE-2026-21048
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
EUVD-2026-42818
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21045
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-21045
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...
EUVD-2026-42126
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...
CVE-2026-59705
CVE-2026-59705 concerns mem0’s openmemory/api component, where an unauthenticated access flaw allows reading, writing, and deleting arbitrary user memories via API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory ret...
CVE-2026-53354
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...
EUVD-2026-40624
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13938
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13938
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13938
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13938
CVE-2026-13938 affects Google Chrome fonts handling prior to 150.0.7871.47. The underlying issue is an integer overflow in the Fonts component that enables a remote attacker to induce an out-of-bounds memory write via a crafted HTML page. The vulnerability is described with a Chromium-derived sev...
PT-2026-54215
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow in the Fonts component allows a remote attacker to perform an out-of-bounds memory write by inducing the user to open a crafted HTML page. An integer overflow occurs...
CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...