Lucene search
K

1532 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-20214

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...

7.5CVSS6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-49451 Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS0.00695EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:32 p.m.3 views

EUVD-2026-39396

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 10:2 p.m.5 views

PSF-2026-31

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 6:18 p.m.3 views

UBUNTU-CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS5.8AI score0.0011EPSS
Exploits0References3
OSV
OSV
added 2026/06/21 5:16 p.m.3 views

UBUNTU-CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS5.8AI score0.00105EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer MXF File Parsing: Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...

8.8CVSS8.6AI score0.01744EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in libxmltok

In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber would then lead to a heap-based buffer overflow...

7.5CVSS7.4AI score0.06643EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/06/09 4:29 p.m.10 views

USN-8409-1: uriparser vulnerability

It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...

2.9CVSS5.5AI score0.0012EPSS
Exploits0
Snyk
Snyk
added 2026/06/09 12:0 a.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improperly configured XML parsing in the PrettyPrintingContentModifier and XmlContentHandler classes, in PrettyPrintingContentModifier.java and payload/XmlContentHandler.java. When the...

6CVSS5.7AI score0.00223EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.6 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1771)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1771 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References16
OSV
OSV
added 2026/06/05 3:18 p.m.7 views

JLSEC-2026-574

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.2AI score0.00302EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 12:16 p.m.8 views

SUSE-SU-2026:2285-1 Security update for yq

This update for yq fixes the following issues: - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267053. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels...

9.6CVSS5.6AI score0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.8 views

PT-2026-49254

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box stts::get sample duration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout...

6.5CVSS5.2AI score
Exploits0References3
OSV
OSV
added 2026/06/04 4:16 p.m.6 views

DEBIAN-CVE-2026-41178

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.4AI score0.00237EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.9 views

SUSE CVE-2022-46295

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.1AI score0.00816EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Net::CIDR::Set 安全漏洞

Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of non-ASCII IP addresses and network masks. Unicode digits like...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:13 p.m.10 views

XML External Entity Injection

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

7.1CVSS5.5AI score0.00113EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

AIX : Multiple Vulnerabilities (IJ58140)

The version of AIX installed on the remote host is prior to APAR IJ58140. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58140 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

7.5CVSS5.6AI score0.00755EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42502)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42502 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder