Lucene search
+L

650 matches found

Veracode
Veracode
added 3 days ago7 views

Improper Authentication

Apollo ConfigService is vulnerable to Improper Authentication. The vulnerability is due to incorrect parsing of the appId during authentication for the raw configuration file endpoint, which allows an attacker to bypass AccessKey or management key authentication and access protected configuration...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References4Affected Software1
OSV
OSV
added 4 days ago3 views

JLSEC-2026-708

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

9.8CVSS6.2AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

JLSEC-2026-706 Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier...

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...

7.5CVSS6.1AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-15712

CVE-2026-15712 affects libsoup’s HTTP/2 connection tracking in/libsoup3 (versions 3.0–3.7.0) where the GOAWAY frame’s Additional Debug Data is parsed as a NUL-terminated C-string without strict length checks. This permits a remote, unauthenticated attacker to send malformed GOAWAY frames, causing...

5.9CVSS6.1AI score0.00498EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43573

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

6.1AI score0.00212EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 12:49 p.m.5 views

OESA-2026-2889 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

7.5CVSS6AI score0.0035EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/09 8:3 a.m.7 views

Pion DTLS: Denial of service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message

...

6.3CVSS6.1AI score0.0032EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56359

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF file containing an abnormal Unity 3D object. During the parsing process, the application incorrectly resolves a portion of the...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 9:48 p.m.4 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
NVD
NVD
added 2026/07/04 8:16 p.m.12 views

CVE-2026-14650

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...

4.8CVSS0.00116EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/07/01 8:1 a.m.5 views

Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

...

9.1CVSS6.1AI score0.00373EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Python 3.11

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Since Python-Markdown does not catch this exception, any application that processes Markdown controlled by...

8.2CVSS5.8AI score0.00566EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 12:49 a.m.5 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.9 views

CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS5.8AI score0.00119EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 5:16 p.m.18 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 3:5 p.m.13 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 2:8 p.m.17 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 2:8 p.m.11 views

GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.4AI score0.00186EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/15 1:49 a.m.12 views

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 8:52 p.m.35 views

CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

7.5CVSS0.00268EPSS
Exploits0References1
Rows per page
Query Builder