
80265 matches found

OSV
added 2026/03/20 9:17 p.m., 4 views

MGASA-2026-0061 Updated expat packages fix security vulnerabilities

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...

CVSS 5.5, AI score 5.8, EPSS 0.00216
Exploits: 1, References: 3
Mageia
added 2026/03/20 9:17 p.m., 9 views

Updated expat packages fix security vulnerabilities

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...

CVSS 5.5, AI score 5.8, EPSS 0.00216
Exploits: 1, References: 2
UbuntuCve
added 2026/03/20 9:17 p.m., 2 views

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 3
OSV
added 2026/03/20 9:17 p.m., 4 views

UBUNTU-CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 4
Snyk
added 2026/03/20 8:44 p.m., 2 views

Incorrect Authorization

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the LiveQuery WebSocket interface due to improper enforcement of pointer permissions. An attacker...

CVSS 7.1, AI score 5.8, EPSS 0.00397
Exploits: 0, References: 2
Github Security Blog
added 2026/03/20 8:44 p.m., 9 views

Parse Server's LiveQuery bypasses CLP pointer permission enforcement

Impact: Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions readUserFields and pointerFields. Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...

CVSS 7.1, AI score 5.8, EPSS 0.00397
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2026/03/20 8:44 p.m., 8 views

GHSA-FPH2-R4QG-9576 Parse Server's LiveQuery bypasses CLP pointer permission enforcement

Impact: Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions readUserFields and pointerFields. Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...

CVSS 7.1, AI score 5.8, EPSS 0.00397
Exploits: 0, References: 7
CVE
added 2026/03/20 8:33 p.m., 16 views

CVE-2026-33164

libde265 prior to version 1.0.17 is vulnerable to a segmentation fault caused by a malformed H.265 PPS NAL unit in pic_parameter_set::set_derived_values(). The issue has a fix in version 1.0.17, which patches the fault. Affected component is the libde265 H.265 decoder; impact is a crash/segmentat...

CVSS 8.7, AI score 5.7, EPSS 0.00349
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/03/20 8:33 p.m., 3 views

CVE-2026-33164 NULL Pointer Dereference in libde265

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values. This issue has been patched in version 1.0.17...

CVSS 8.7, AI score 5.8, EPSS 0.00349
Exploits: 1, References: 4
Vulnrichment
added 2026/03/20 8:33 p.m., 3 views

CVE-2026-33164 NULL Pointer Dereference in libde265

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values. This issue has been patched in version 1.0.17...

CVSS 8.7, AI score 5.7, EPSS 0.00349
Exploits: 1, References: 2
Cvelist
added 2026/03/20 8:33 p.m., 23 views

CVE-2026-33164 NULL Pointer Dereference in libde265

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values. This issue has been patched in version 1.0.17...

CVSS 8.7, EPSS 0.00349
Exploits: 1, References: 2
ATTACKERKB
added 2026/03/20 8:20 p.m., 8 views

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/03/20 8:20 p.m., 6 views

EUVD-2026-13794

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 3
Vulnrichment
added 2026/03/20 8:20 p.m., 2 views

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.7, EPSS 0.00197
Exploits: 0, References: 3
Debian CVE
added 2026/03/20 8:20 p.m., 3 views

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.3, EPSS 0.00197
Exploits: 0
CVE
added 2026/03/20 8:20 p.m., 15 views

CVE-2026-33179

CVE-2026-33179 affects libfuse’s io_uring transport: versions 3.18.0 up to but not including 3.18.2. A NULL pointer dereference and a memory leak in fuse_uring_init_queue can crash the FUSE daemon or exhaust resources; if numa_alloc_local fails, NULL pointers are used, and on fuse_uring_register_...

CVSS 5.5, AI score 5.8, EPSS 0.00197
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/03/20 8:20 p.m., 20 views

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, EPSS 0.00197
Exploits: 0, References: 3
OSV
added 2026/03/20 8:20 p.m., 4 views

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.9, EPSS 0.00197
Exploits: 0, References: 5
OSV
added 2026/03/20 12:39 p.m., 8 views

CLSA-2026-1774010344 Fix of 8 CVEs

SECURITY UPDATE: stack buffer overflow in msl.c attribute handling, path traversal bypass of security policy, XSS in HTML coder output, and MSL attribute overflow - debian/patches/CVE-2026-25797CVE-2026-25965CVE-2026-25968CVE-2026-25982.patch: Fix memory leaks, stack overflows, integer overflows...

CVSS 9.8, AI score 7, EPSS 0.00671
Exploits: 1, References: 1
RedhatCVE
added 2026/03/20 12:10 p.m., 4 views

CVE-2026-23277

A flaw was found in the Linux kernel. A null pointer dereference vulnerability exists in the Traffic Equalizer (TEQL) module's interaction with the IP tunneling framework. When a Generic Routing Encapsulation (GRE) tap tunnel acts as a TEQL slave, the system attempts to access uninitialized statistic...

CVSS 5.5, AI score 5.7, EPSS 0.00117
Exploits: 0, References: 4