Lucene search
K

2210 matches found

Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46057

Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4 Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table MSAT in the read MSAT function is not fully initialized before being used by the ole2 validate...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/03 12:0 a.m.15 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

5.8AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/06/01 11:7 a.m.5 views

SUSE-SU-2026:21963-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

7.8CVSS6.4AI score0.03663EPSS
Exploits17References13
Redos
Redos
added 2026/05/29 12:0 a.m.12 views

ROS-20260529-73-0025

The vulnerability of the JSONSCHEMAVALID function in the MariaDB database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause service interruptions and execute arbitrary code by sending a specially crafted JSON file...

9.9CVSS6.3AI score0.00856EPSS
Exploits1
OSV
OSV
added 2026/05/28 4:16 p.m.10 views

DEBIAN-CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

IBM多款产品 安全漏洞

IBM WebSphere Application Server WAS, among others, are products of the American multinational company IBM. IBM WebSphere Application Server is an application server product. IBM WebSphere Application Server Liberty is a Java application server built upon the Open Liberty project. IBM webMethods...

7.5CVSS5.9AI score0.005EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 10:50 a.m.11 views

EUVD-2026-31091

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS5.8AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 10:50 a.m.10 views

CVE-2026-0857

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...

6CVSS5.8AI score0.00101EPSS
Exploits0References1
Redos
Redos
added 2026/05/20 12:0 a.m.12 views

ROS-20260520-73-0052

A vulnerability in the Dawn component of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS5.7AI score0.00313EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.15 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-317...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/18 8:37 p.m.9 views

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from memory processing issues. This vulnerability may cause damage to process memory when handling maliciously crafted images. The...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 6:45 a.m.10 views

Security Bulletin: IBM Automation Decision Services for April 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8....

9.6CVSS7.5AI score0.09917EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/05/07 8:53 a.m.7 views

BIT-THRIFT-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.5CVSS5.8AI score0.00665EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38479

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.3CVSS5.8AI score0.00665EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 12:16 p.m.4 views

UBUNTU-CVE-2026-43218

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903probe In one of the error paths in tw9903probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/05/06 12:16 p.m.6 views

UBUNTU-CVE-2026-43162

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/30 8:17 p.m.6 views

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.9AI score0.00225EPSS
Exploits0
Rows per page
Query Builder