CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2258 matches found

CVE-2026-10118

CVE-2026-10118 – Poppler Splash backend integer overflow : The vulnerability affects Poppler’s Splash backend, in the tilingPatternFill path, where crafted PDFs can trigger an integer overflow that yields an undersized heap allocation, enabling an out-of-bounds write. This can lead to arbitrary c...

7.8CVSS6AI score0.00065EPSS

Exploits0References3

EUVD•added 3 days ago•7 views

EUVD-2026-33694

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6AI score0.00065EPSS

Exploits0References3

Debian CVE•added 3 days ago•5 views

CVE-2026-10118

7.8CVSS6AI score0.00065EPSS

Exploits0

Cvelist•added 3 days ago•20 views

CVE-2026-10118 Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buffer overflow via unchecked dimension multiplication

7.8CVSS0.00065EPSS

Exploits0References3

RedhatCVE•added 3 days ago•4 views

CVE-2026-10118

7.8CVSS6AI score0.00065EPSS

Exploits0References4

CNNVD•added 3 days ago•2 views

Claw Orchestrator security vulnerabilities

Claw Orchestrator is a multi-agent coding agent runtime platform developed by Guian Fang personally. Versions of Claw Orchestrator 3.7.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter body.pattern in the validateRegex functio...

5.3CVSS5.7AI score0.0006EPSS

Exploits0References9

CNNVD•added 3 days ago•3 views

Poppler input validation vulnerability

Poppler is an open-source PDF rendering library developed by Poppler. Poppler has a vulnerability related to input validation errors. This vulnerability stems from an integer overflow in the tilingPatternFill function within the Splash backend. As a result of this overflow, insufficient heap memo...

7.8CVSS6.1AI score0.00065EPSS

Exploits0References3

Positive Technologies•added 3 days ago•7 views

PT-2026-45444

7.8CVSS6AI score0.00065EPSS

Exploits0References4

OSV•added 4 days ago•8 views

MAL-2026-5095 Malicious code in @challenger6/vm-pattern-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 396b490a90fc45f797d57bb02503489b3a924a18b927cabce392cad7f591c868 The OpenSSF Package Analysis project identified '@challenger6/vm-pattern-library' @ 99.0.0 npm as malicious. It is considered malicious because:...

5.8AI score

Exploits0

OSSF Malicious Packages•added 4 days ago•10 views

Malicious code in @challenger6/vm-pattern-library (npm)

5.8AI score

Exploits0

NVD•added 6 days ago•9 views

CVE-2026-45324

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmdsearch.c:bytepatternsearch due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe...

3.3CVSS0.00017EPSS

Exploits0References2

ATTACKERKB•added 6 days ago•5 views

CVE-2026-45324

3.3CVSS5.8AI score0.00017EPSS

Exploits0References3

Cvelist•added 6 days ago•22 views

CVE-2026-45324 Rizin: Double free in cmd_search.c

3.3CVSS0.00017EPSS

Exploits0References2

EUVD•added 6 days ago•6 views

EUVD-2026-33424

3.3CVSS5.8AI score0.00017EPSS

Exploits0References2

CNNVD•added 6 days ago•5 views

Rizin 资源管理错误漏洞

Rizin is a free, open-source reverse-engineering framework developed by the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensics tool, and as a command-line hexadecimal editor capable of opening disk files. Rizin has a resource manageme...

3.3CVSS5.8AI score0.00017EPSS

Exploits0References2

Positive Technologies•added 6 days ago•3 views

PT-2026-44974

Name of the Vulnerable Software and Affected Versions Rizin affected versions not specified Description Rizin is a UNIX-like reverse engineering framework and command-line toolset. A double free occurs in the byte pattern search function within the librz/core/cmd/cmd search.c file due to...

3.3CVSS6.1AI score0.00017EPSS

Exploits0References5

Github Security Blog•added last week•6 views

tuf has platform-dependent delegation path matching

DelegatedRole.istargetinpathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts os.pat...

5.8AI score

Exploits0References3Affected Software1

Vulnrichment•added last week•4 views

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5CVSS6AI score0.00058EPSS

Exploits1References2

EUVD•added last week•3 views

EUVD-2026-33068

7.5CVSS6AI score0.00058EPSS

Exploits1References2

Packet Storm News•added 2026/05/28 12:0 a.m.•6 views

YARA-X 1.17.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by