
34428 matches found

RedhatCVE
added 2026/05/10 2:20 p.m. | 9 views

CVE-2026-42477

A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...

CVSS 7.1 | AI score 5.9 | EPSS 0.00104
Exploits 0 | References 1

NVD
added 2026/05/10 5:16 a.m. | 28 views

CVE-2026-6722

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

CVSS 9.8 | EPSS 0.00686
Exploits 0 | References 6

OSV
added 2026/05/10 5:16 a.m. | 5 views

UBUNTU-CVE-2026-6722

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

CVSS 9.8 | AI score 6.1 | EPSS 0.00686
Exploits 0 | References 4

UbuntuCve
added 2026/05/10 5:16 a.m. | 7 views

CVE-2026-6722

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00686
Exploits 0 | References 2

CVE
added 2026/05/10 4:43 a.m. | 50 views

CVE-2026-7263

CVE-2026-7263 affects PHP 8.4.x (before 8.4.21) and 8.5.x (before 8.5.6). The issue is in the DOMNode::C14N() path, where XML processing can mis-handle data, creating a circular linked list in the XML document structure. This can cause the processor to enter an infinite loop, resulting in denial ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00353
Exploits 0 | References 5 | Affected Software 1

Debian CVE
added 2026/05/10 4:19 a.m. | 17 views

CVE-2026-6722

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

CVSS 9.8 | AI score 6.1 | EPSS 0.00686
Exploits 0

EUVD
added 2026/05/10 4:19 a.m. | 16 views

EUVD-2026-28966

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

CVSS 9.5 | AI score 6.1 | EPSS 0.00686
Exploits 0 | References 1

CNNVD
added 2026/05/10 12:0 a.m. | 10 views

PHP Resource Management Error Vulnerability

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability stemmed from the object deduplication mechanism in the SOAP extension, which stored pointers to PHP...

CVSS 9.8 | AI score 6.1 | EPSS 0.00686
Exploits 0 | References 1

Mageia
added 2026/05/09 4:24 p.m. | 9 views

Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

CVSS 9.8 | AI score 5.8 | EPSS 0.00586
Exploits 0 | References 7

OSV
added 2026/05/09 12:32 p.m. | 13 views

OESA-2026-2242 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

CVSS 9.8 | AI score 6 | EPSS 0.00902
Exploits 1 | References 5

RedhatCVE
added 2026/05/09 2:21 a.m. | 10 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

CVSS 9.1 | AI score 6.3 | EPSS 0.00634
Exploits 4 | References 1

Patchstack
added 2026/05/09 12:46 a.m. | 8 views

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR

NPM: Hono has CSS Declaration Injection via Style Object Values in JSX SSR vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

CVSS 4.3 | AI score 5.8 | EPSS 0.00197
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2026/05/09 12:46 a.m. | 9 views

Improper Encoding or Escaping of Output

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the styleObjectForEach and jsxAttr style serialization paths in the JSX runtime. An attacker can inject arbitrary CSS declarations by supplying...

CVSS 5.3 | AI score 6.1 | EPSS 0.00197
Exploits 0 | References 2

OSV
added 2026/05/09 12:46 a.m. | 7 views

GHSA-QP7P-654G-CW7P Hono has CSS Declaration Injection via Style Object Values in JSX SSR

Summary: The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...

CVSS 4.3 | AI score 6 | EPSS 0.00197
Exploits 0 | References 2

Github Security Blog
added 2026/05/09 12:46 a.m. | 14 views

Hono has CSS Declaration Injection via Style Object Values in JSX SSR

Summary: The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...

CVSS 4.3 | AI score 6 | EPSS 0.00197
Exploits 0 | References 2 | Affected Software 1

Snyk
added 2026/05/09 12:40 a.m. | 10 views

Prototype Pollution

Overview: velocityjs is a Velocity Template Language (VTL) for JavaScript. Affected versions of this package are vulnerable to Prototype Pollution through the processing of set directives in templates. An attacker can modify the global object prototype by supplying specially crafted template content,...

CVSS 9.8 | AI score 6.4 | EPSS 0.00505
Exploits 1 | References 2

OSV
added 2026/05/09 12:40 a.m. | 5 views

GHSA-J658-C2GF-X6PQ Velocity.js has a Prototype Pollution vulnerability through #set path assignment

Summary: A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as __proto__, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...

CVSS 8.3 | AI score 5.8 | EPSS 0.00505
Exploits 1 | References 3

Github Security Blog
added 2026/05/09 12:40 a.m. | 9 views

Velocity.js has a Prototype Pollution vulnerability through #set path assignment

Summary: A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as __proto__, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...

CVSS 9.8 | AI score 5.8 | EPSS 0.00505
Exploits 1 | References 3 | Affected Software 1

RedhatCVE
added 2026/05/09 12:25 a.m. | 12 views

CVE-2026-43444

A flaw was found in the Linux kernel's drm/amdkfd component. This vulnerability arises from improper error handling where a buffer object (bo) is not released if a queue update fails. This could lead to a resource leak, potentially causing system instability or a denial of service (DoS) for a local...

CVSS 5.5 | AI score 6 | EPSS 0.00122
Exploits 0 | References 4

Positive Technologies
added 2026/05/09 12:0 a.m. | 14 views

PT-2026-39328

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.18. Description: The JSX renderer escapes style attribute object values for HTML but not for CSS. When untrusted input is interpolated into a JSX style object and rendered server-side, characters that act as CSS...

CVSS 4.3 | AI score 5.8 | EPSS 0.00197
Exploits 0 | References 170