Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

19901 matches found

OSV
OSVadded 2026/03/10 8:12 p.m.2 views

CVE-2026-30837 Elysia has a string URL format redos

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00027EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/10 7:4 p.m.2 views

CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References1
CVE
CVEadded 2026/03/10 7:4 p.m.5 views

CVE-2026-26309

Envoy CVE-2026-26309 describes an off-by-one write in Envoy::JsonEscaper::escapeString() that can corrupt std::string null-termination, causing undefined behavior and potentially crashes or out-of-bounds reads when treated as a C-string. Affected before 1.37.1, 1.36.5, 1.35.8, 1.34.13. The vulner...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References1Affected Software1
EUVD
EUVDadded 2026/03/10 7:4 p.m.3 views

EUVD-2026-10801

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/10 7:4 p.m.3 views

CVE-2026-26309

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/03/10 6:31 p.m.1 views

EUVD-2025-208499

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7,...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/10 6:31 p.m.1 views

EUVD-2025-208498

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7,...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/10 6:30 p.m.4 views

EUVD-2026-10800

Envoy affected by off-by-one write in JsonEscaper::escapeString...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2026/03/10 6:30 p.m.2 views

Envoy affected by off-by-one write in JsonEscaper::escapeString()

Summary An off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. Details The bug is in the control-character...

5.3CVSS5.6AI score0.00004EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2026/03/10 6:30 p.m.1 views

GHSA-56CJ-WGG3-X943 Envoy affected by off-by-one write in JsonEscaper::escapeString()

Summary An off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. Details The bug is in the control-character...

5.3CVSS5.6AI score0.00004EPSS
Exploits1References3
OSV
OSVadded 2026/03/10 6:18 p.m.1 views

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7,...

7.2CVSS5.8AI score
Exploits0References1
NVD
NVDadded 2026/03/10 6:18 p.m.1 views

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2...

7.2CVSS0.00086EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/10 5:52 p.m.3 views

CVE-2026-30983

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml strcpy causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5...

7.8CVSS6.1AI score0.00018EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/03/10 4:44 p.m.24 views

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2...

7.2CVSS0.00086EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/10 4:44 p.m.3 views

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References2Affected Software4
CVE
CVEadded 2026/03/10 4:44 p.m.8 views

CVE-2025-68648

Fortinet FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud are affected by a use of externally-controlled format string vulnerability. Versions impacted span FortiAnalyzer/Cloud 7.0, 7.2, 7.4, and 7.6 (and corresponding FortiManager/Cloud ranges), with a potential for privi...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichmentadded 2026/03/10 4:44 p.m.1 views

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2026/03/10 9:26 a.m.2 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00019EPSS
Exploits2References8
Positive Technologies
Positive Technologiesadded 2026/03/10 12:0 a.m.3 views

PT-2026-24378

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions prior to 1.35.8 Envoy versions prior to 1.36.5 Envoy versions prior to 1.37.1 Description Envoy is a high-performance edge/middle/service proxy. An off-by-one write in the...

5.3CVSS5.8AI score0.00004EPSS
Exploits1References10
Tenable Nessus
Tenable Nessusadded 2026/03/10 12:0 a.m.2 views

Fortinet FortiManager Format string vulnerability in fazsvcd (FG-IR-26-092)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-092 advisory. - A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer...

7.2CVSS5.8AI score0.00086EPSS
Exploits0References2
Rows per page
Query Builder