CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

10CVSS8.9AI score0.02074EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioparser::readsface and storesmboundaryitem. A specially crafted malformed file can lead to an out-of-bounds read and typ...

10CVSS8.8AI score0.02328EPSS

AstraLinux•added 6 days ago•9 views

Astra Linux – Vulnerability in CGal

10CVSS8.9AI score0.02074EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...

10CVSS8.9AI score0.02186EPSS

AstraLinux•added 6 days ago•10 views

Astra Linux – Vulnerability in CGal

10CVSS8.9AI score0.02191EPSS

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h: SNCioParser::readsface sfh-boundaryentryobjects Sloopof. A specially crafted, malformed file can lead to an out-of-bounds re...

10CVSS8.8AI score0.02361EPSS

Tenable Nessus•added 2026/06/12 12:0 a.m.•12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygo...

OSSF Malicious Packages•added 2026/06/10 1:55 p.m.•8 views

Exploits0References2

Malicious code in martinez-polygon-clipping-simul-dalton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc17081752344fc57ebe6468de5909582aa81fb2957e605ee81aa46252150a0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

OSV•added 2026/06/10 1:55 p.m.•7 views

MAL-2026-5508 Malicious code in martinez-polygon-clipping-simul-dalton (npm)

5.5AI score

EUVD•added 2026/06/10 12:31 a.m.•8 views

EUVD-2026-35851

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

NVD•added 2026/06/09 11:17 p.m.•12 views

Exploits0References2

CVE-2026-9752

7.1CVSS0.0027EPSS

Cvelist•added 2026/06/09 10:27 p.m.•40 views

CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

7.1CVSS0.0027EPSS

Vulnrichment•added 2026/06/09 10:27 p.m.•5 views

CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

7.1CVSS5.2AI score0.0027EPSS

CVE•added 2026/06/09 10:27 p.m.•31 views

CVE-2026-9752

MongoDB CVE-2026-9752 describes a vulnerability where an authorized user can trigger a server crash by executing a query that builds a 2dsphere index on a field containing a GeoJSON GeometryCollection with a Polygon that uses a strict-winding CRS. The underlying issue is that while strict-winding...

Exploits0References1Affected Software1

MongoDB•added 2026/06/09 10:27 p.m.•11 views

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/09 12:0 a.m.•14 views

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

7.1CVSS5.5AI score0.0027EPSS

Exploits0References8

OSV•added 2026/06/08 12:2 a.m.•3 views

OSV-2026-879 Heap-use-after-free in lsr_restore_base

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520664955 Crash type: Heap-use-after-free READ 8 Crash state: lsrrestorebase lsrreadpolygon lsrreadscenecontentmodel...

5.4AI score

OSSF Malicious Packages•added 2026/05/26 9:10 a.m.•16 views

Malicious code in massive (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...

5.9AI score

OSV•added 2026/05/26 9:10 a.m.•14 views

MAL-2026-4795 Malicious code in massive (PyPI)

5.9AI score