Lucene search
K

3133 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-42044

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...

6.3CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-56197

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS5.8AI score
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-59089

GIMP contains a vulnerability in its PlayStation TIM loader: the CLUT size is computed by multiplying two 16-bit unsigned values (num_colors and num_cluts), which can overflow and exceed integer limits. This overflow triggers undefined behavior that causes the GIMP plug-in to abort when processin...

5.5CVSS6AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-13705

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in readrgb16rle. readrgb16rle guards each literal run with if count dataleft, but count is a pixel count while every 16-bit sample consumes two bytes. The copy...

7.1CVSS0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41872

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in readrgb16rle. readrgb16rle guards each literal run with if count dataleft, but count is a pixel count while every 16-bit sample consumes two bytes. The copy...

7.1CVSS6AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-55931

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read rgb 16 rle. read rgb 16 rle guards each literal run with if count data left, but count is a pixel count while every 16-bit sample consumes two bytes. T...

7.1CVSS6AI score0.00136EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41251

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoiaintroductionimage' parameter in all versions up to, and including, 4.16.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00235EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 6 days ago2 views

openSUSE 16 Security Update : lrzip (openSUSE-SU-2026:21179-1)

"The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21179-1 advisory. Changes in lrzip: - Update to version 0.660: Do not clean up thread structures in decompression failure conditions, fixing a use-after-free in...

7.8CVSS6AI score0.00243EPSS
Exploits3References9
RedHat Linux
RedHat Linux
added last week4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes function seeds libc rand with time0 + getpid + rand and generates a 16-byte challenge. The combined seed space is...

6.5CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40888

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54477

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...

6.5CVSS6AI score0.00221EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/30 11:36 a.m.6 views

CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-56018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup free...

7.5CVSS6.2AI score0.00609EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 6:31 p.m.6 views

EUVD-2026-40170

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/06/29 12:43 p.m.5 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.16 Images

Red Hat OpenShift Virtualization release v4.16 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

8.7CVSS5.8AI score0.00656EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Fedora 44 : pgadmin4 (2026-c248414214)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c248414214 advisory. Update to pgadmin-9.16. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.5CVSS5.8AI score0.0071EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 7:26 p.m.12 views

EUVD-2026-37511

Remark42: Cross-Site Scripting XSS on /api/v1/img via content-type spoofing...

8.2CVSS7.3AI score0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 5:38 p.m.18 views

CVE-2026-48706

CVE-2026-48706 affects Envoy TCP StatsD sink (TcpStatsdSink). A heap write overflow can occur when processing extremely long statistic names (>16 KiB) due to mismanagement of 16 KiB flush slices during buffer rotation, potentially causing process crash or remote code execution. Affected versio...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder