CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в ffmpeg, ffmpeg5

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds...

9.1CVSS6.7AI score0.00224EPSS

Exploits0References2

Fedora•added 2026/03/28 12:46 a.m.•1 views

[SECURITY] Fedora 43 Update: perl-XML-Parser-2.51-1.fc43

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

9.8CVSS5.8AI score0.00035EPSS

Exploits0

RedhatCVE•added 2026/03/13 2:18 p.m.•1 views

CVE-2026-28356

A flaw was found in multipart. The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, causing an exponential backtracking ReDoS when parsing a specially crafted HTTP or multipart segment headers. A web application parsing request headers or...

7.5CVSS5.7AI score0.00859EPSS

Exploits0References4

SUSE CVE•added 2026/03/13 1:16 p.m.•0 views

SUSE CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00859EPSS

Exploits0References3

Debian•added 2026/03/12 7:47 p.m.•2 views

[SECURITY] [DSA 6161-1] multipart security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6161-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2026 https://www.debian.org/security/faq -...

7.5CVSS5.8AI score0.00859EPSS

Exploits0

OSV•added 2026/03/12 6:32 p.m.•1 views

GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`

Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...

7.5CVSS5.8AI score0.00859EPSS

Exploits0References3

Snyk•added 2026/03/12 6:32 p.m.•1 views

Regular Expression Denial of Service (ReDoS)

Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...

8.7CVSS5.8AI score0.00859EPSS

Exploits0References2

EUVD•added 2026/03/12 6:32 p.m.•2 views

EUVD-2026-11607

multipart vulnerable to ReDoS in parseoptionsheader...

7.5CVSS5.8AI score0.00859EPSS

Exploits0References2

OSV•added 2026/03/12 5:16 p.m.•0 views

DEBIAN-CVE-2026-28356

7.5CVSS8.3AI score0.00859EPSS

Exploits0References1

OSV•added 2026/03/12 5:16 p.m.•2 views

UBUNTU-CVE-2026-28356

7.5CVSS5.8AI score0.00859EPSS

Exploits0References4

Cvelist•added 2026/03/12 4:45 p.m.•21 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

7.5CVSS0.00859EPSS

Exploits0References1

ATTACKERKB•added 2026/03/12 4:45 p.m.•0 views

CVE-2026-28356

7.5CVSS5.8AI score0.00859EPSS

Exploits0References2Affected Software1

OSV•added 2026/03/12 4:45 p.m.•0 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

7.5CVSS5.8AI score0.00859EPSS

Exploits0References3

OSV•added 2025/10/19 7:8 p.m.•2 views

JLSEC-2025-140 FFmpeg n6.1.1 is Integer Overflow

9.1CVSS6.9AI score0.00224EPSS

Exploits0References3

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2019-13445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.c...

9.8CVSS8.2AI score0.00513EPSS

Exploits1References2

OSV•added 2025/05/15 12:3 a.m.•3 views

OSV-2025-368 Heap-buffer-overflow in __parse_options

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=417576708 Crash type: Heap-buffer-overflow READ 2 Crash state: parseoptions parseoptions parsebyblocktype...

7.2AI score

Exploits0References1

OSV•added 2024/12/06 3:23 p.m.•1 views

OESA-2024-2498 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: FFmpeg n6.1.1 is Intege...

9.1CVSS7AI score0.00224EPSS

Exploits0References3

SUSE CVE•added 2024/12/03 12:33 a.m.•1 views

SUSE CVE-2024-35366

5.3CVSS6.9AI score0.00224EPSS

Exploits0References3

CNVD•added 2024/12/03 12:0 a.m.•5 views

FFmpeg parse_options integer overflow vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An integer overflow vulnerability exists in FFmpeg parseoptions, which can be exploited by an attacker to submit a special file and trick the user into parsing it, which can crash the...

9.1CVSS6.9AI score0.00224EPSS

Exploits0References1

OSV•added 2024/11/29 8:15 p.m.•2 views

DEBIAN-CVE-2024-35366

9.1CVSS6.7AI score0.00224EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by