Lucene search
K

98 matches found

Amazon
Amazon
added 2026/07/08 12:0 a.m.5 views

Medium: gstreamer1-plugins-bad-free

Issue Overview: A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into...

7.1CVSS6.1AI score0.0031EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55924

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 3.0.16 Description The multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS POST. This occurs becau...

8.6CVSS6.1AI score0.0046EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55936

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the PNM file format parser where the pnmscanner gettoken function contains an off-by-one error in its loop boundary check. When processing a specially crafted PNM file, the...

7.3CVSS6.6AI score0.00216EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2026/06/30 11:24 p.m.6 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53172

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value o...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/802/mrp: fix vector attribute parsing in mrppduparsevecattr In mrppduparsevecattr, vector attribute events are encoded three per byte and valen tracks the...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.11 views

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/16 8:52 a.m.120 views

objdump-dlx-calc-poc

objdump dlx calc poc Small repro for an objdump -g crash-to...

5.3AI score
Exploits0
FreeBSD
FreeBSD
added 2026/06/12 12:0 a.m.10 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports: Multiple security issues were identified and fixed in the GStreamer framework. GStreamer-SA-2026-0030: Missing bounds checks in RTCP SDES packet parsing GStreamer-SA-2026-0031: Integer overflow and truncation in MXF demuxer GStreamer-SA-2026-0032: Out-of-bounds read...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/06/05 4:9 p.m.45 views

CVE-2026-48111 GHSL-2026-121 7-Zip UEFI DEPEX OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

4.3CVSS0.00225EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/04 2:34 p.m.11 views

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:0 a.m.10 views

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

5.9AI score0.00267EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.17 views

openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20730-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20730-1 advisory. Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311...

9.9CVSS7.3AI score0.91969EPSS
Exploits8References55
OSV
OSV
added 2026/05/08 10:56 p.m.8 views

GHSA-F8QV-7X5W-QR48 free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/08 10:56 p.m.15 views

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:15 a.m.9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 7:15 a.m.9 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

2.9CVSS5.8AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:47 a.m.6 views

BIT-JRE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

8.1CVSS5.9AI score0.00625EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39255

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The NRF root SBI endpoint "POST /oauth2/token" contains a parser-level type-confusion bug. The handler in NFs/nrf/internal/sbi/api accesstoken.go uses reflection over...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2026/05/07 11:53 a.m.7 views

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques bsc1262115. CVE-2026-5795: Fixed JaspiAuthenticator broken access control...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References8
Rows per page
Query Builder