Lucene search
+L

5765 matches found

osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-700 Out-of-bounds Write in OpenCV

OpenCV Open Source Computer Vision Library 3.3 corresponding to OpenCV-Python 3.3.0.9 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597...

6.5CVSS6AI score0.01622EPSS
Exploits1References9
osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-701 Out-of-bounds Write in OpenCV

OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python and OpenCV-Contrib-Python 3.3.0.9 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...

8.8CVSS6AI score0.0197EPSS
Exploits0References10
osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-698 Out-of-bounds Read in OpenCV

OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python 3.3.0.9 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the...

8.8CVSS6AI score0.0197EPSS
Exploits0References12
nvd
nvd
added 2026/07/02 12:16 a.m.6 views

CVE-2026-55792

Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...

6CVSS0.00268EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 11:20 p.m.5 views

CVE-2026-55792

Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...

6CVSS5.8AI score0.00268EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information...

6.5CVSS6.1AI score0.00147EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14048

Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Low...

6.5CVSS5.8AI score0.00116EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13905

Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: Medium...

4.2CVSS0.00092EPSS
Exploits0References2
cve
cve
added 2026/06/30 7:56 p.m.40 views

CVE-2026-10134

CVE-2026-10134 – Unauthenticated Server-Side RCE in Langflow OSS affects Langflow OSS 1.0.0–1.9.3. The vulnerability arises from a code-injection flaw via the PythonCodeStructuredTool in public flows, allowing an attacker to read secrets, read/modify flows, conversations, messages, files, and sav...

10CVSS5.8AI score0.00314EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.6 views

PT-2026-54323

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Chromecast component. This occurs when a program continues to use a pointer after the memory it points to has been freed, which can lead to crashes ...

9.8CVSS5.9AI score0.00413EPSS
Exploits0References448
osv
osv
added 2026/06/26 7:40 p.m.2 views

CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure

In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back to allocating and registering its own adapter. The error handling doe...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References9
euvd
euvd
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39657

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 3:15 p.m.8 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References3Affected Software1
thn
thn
added 2026/06/25 2:12 p.m.49 views

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube, has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extensio...

6.3AI score
Exploits0
euvd
euvd
added 2026/06/25 9:31 a.m.7 views

EUVD-2026-39183

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
ossf
ossf
added 2026/06/23 2:12 p.m.10 views

Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
astralinux
astralinux
added 2026/06/19 11:10 a.m.15 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed the issue of reading strings from synthetic events. The following commands caused a crash: cd /sys/kernel/tracing echo 's:open char file' dynamicevents echo...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50848

Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References7
nvd
nvd
added 2026/06/18 5:16 p.m.15 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
Rows per page
Query Builder