Lucene search
K

644 matches found

NVD
NVD
added 5 days ago12 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6AI score0.00107EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:33 a.m.9 views

EUVD-2026-40878

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/06/23 12:0 a.m.3 views

The vulnerability of the mbregexuringencoding() function in the PHP interpreter allows a hacker to trigger a service failure.

The vulnerability of the mbregexuringencoding function in the PHP interpreter is related to discrepancies in the lists of encodings between the Oniguruma library and mbfl, as a result of a pointer assignment error. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS5.7AI score0.00202EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2405-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2405-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

8.8CVSS6.5AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/16 6:53 a.m.4 views

SUSE-SU-2026:2403-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption bsc1266349. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341....

8.8CVSS5.2AI score0.02719EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:3 a.m.6 views

Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

...

8.1CVSS5.8AI score0.00358EPSS
Exploits0
OSV
OSV
added 2026/06/09 6:29 p.m.25 views

USN-8414-2 openssl, openssl1.0 vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.13 views

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

6.3AI score0.00358EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.49 views

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

0.00358EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 12:0 a.m.10 views

UBUNTU-CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS6.6AI score0.00358EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-47676

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the...

5.3CVSS5.4AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:4 p.m.10 views

RLSA-2026:22649 Important: php8.4 security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS5.7AI score0.0078EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/04 6:1 p.m.11 views

EUVD-2026-32924

Hono: app.mount strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

RockyLinux 10 : postgresql16 (RLSA-2026:19010)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19010 advisory. postgresql: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2003 postgresql: PostgreSQL missing validation of multibyte character length...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References9
RedHat Linux
RedHat Linux
added 2026/06/02 10:29 p.m.12 views

php: global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

A flaw was found in PHP. When an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, an out-of-bounds read of only 1 byte can occur due to the incorrect processing of string lengths. This issue can cause a denial of service or limited...

9.1CVSS5.7AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 4:3 p.m.19 views

RLSA-2026:19009 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References6
OSV
OSV
added 2026/05/29 4:3 p.m.18 views

RLSA-2026:19010 Important: postgresql16 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.2AI score0.01208EPSS
Exploits3References5
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.22 views

postgresql16 security update

An update is available for postgresql16. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced Object-Relational database management system...

8.8CVSS6.2AI score0.01208EPSS
Exploits3
Rows per page
Query Builder