Lucene search
K

53209 matches found

NVD
NVD
added 44 minutes ago4 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS
Exploits0References2
CVE
CVE
added 2 hours ago4 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-56373 ImageMagick - Use-After-Free Write in PDB Decoder

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-56373 ImageMagick - Use-After-Free Write in PDB Decoder

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2 hours ago5 views

This new Windows malware can take over your PC and wipe it clean

Microsoft published new research on GigaWiper, a modular Golang backdoor for Windows that combines robust remote access with multiple ways to permanently destroy systems and data. GigaWiper is a Windows backdoor that Microsoft has observed in intrusions since October 2025. Rather than being a...

6.1AI score
Exploits0
Rockylinux
Rockylinux
added 3 hours ago3 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
Rockylinux
Rockylinux
added 3 hours ago5 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
The Hacker News
The Hacker News
added 4 hours ago4 views

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no logi...

9.2CVSS6.3AI score0.03225EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 7 hours ago3 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IF2 Vulnerability Details CVEID:CVE-2026-8368 DESCRIPTION: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response...

9.8CVSS6.6AI score0.00677EPSS
Exploits1Affected Software1
NVD
NVD
added 7 hours ago3 views

CVE-2026-40006

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

Exploits0References1
GithubExploit
GithubExploit
added 8 hours ago16 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-infinispan Remote Aggregation Repository Unsafe Deserial...

8.8CVSS6.3AI score0.00711EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 8 hours ago2 views

CVE-2026-40006

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

6.1AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 8 hours ago4 views

CVE-2026-40006 Apache IoTDB: Unauthenticated heap-exhaustion DoS via unbounded allocation in IoTDB AirGap pipe receiver

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago2 views

CVE-2026-40006 Apache IoTDB: Unauthenticated heap-exhaustion DoS via unbounded allocation in IoTDB AirGap pipe receiver

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

Exploits0References1
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42834

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago4 views

CVE-2026-40006

Apache IoTDB (IoTDB AirGap pipe receiver) is affected by an unauthenticated heap-exhaustion DoS via unbounded allocation. When pipe_air_gap_receiver_enabled=true, it accepts raw TCP on port 9780 and reads a caller-controlled 32-bit length without an upper bound, leading to a JVM allocation of up ...

6.1AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 10 hours ago3 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty (CVE-2026-50010,CVE-2026-50020,CVE-2026-45416 & CVE-2026-44249)

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...

8.1CVSS6.2AI score0.00552EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 13 hours ago28 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.7AI score0.70947EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago76 views

Hue Magic 3.0.0 - Local File Inclusion

Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. id: CVE-2021-25864 info: name: Hue Magic 3.0.0 - Local File Inclusion author: 0xAkoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. impact: | The LFI...

7.5CVSS7AI score0.09331EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago106 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

7.5CVSS7.2AI score0.02885EPSS
Exploits1References2
Rows per page
Query Builder