Lucene search
+L

693 matches found

redhatcve
redhatcve
added 2026/07/08 6:55 a.m.6 views

CVE-2026-46592

A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...

7.5CVSS6AI score0.00396EPSS
Exploits1References4
osv
osv
added 2026/07/03 11:17 a.m.3 views

OPENSUSE-SU-2026:21230-1 Security update for keybase-client

This update for keybase-client fixes the following issues: Changes in keybase-client: - CVE-2026-46604: TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset bsc1269600 - Update to version 6.6.3 Various bug fixes...

7.5CVSS6AI score0.00346EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13984

Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 10:38 p.m.26 views

CVE-2026-13984

Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

0.00183EPSS
Exploits0References2
osv
osv
added 2026/06/26 9:16 p.m.4 views

DEBIAN-CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 9:16 p.m.12 views

CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS0.00346EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/26 8:22 p.m.7 views

CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/26 8:22 p.m.29 views

CVE-2026-46604 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

0.00346EPSS
Exploits0References3
debiancve
debiancve
added 2026/06/26 8:22 p.m.8 views

CVE-2026-46604

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS5.8AI score0.00346EPSS
Exploits0
cve
cve
added 2026/06/26 8:22 p.m.30 views

CVE-2026-46604

The CVE-2026-46604 entry concerns a panic in the Go TIFF decoder (golang.org/x/image/tiff) when decoding a malformed image containing an out-of-bounds strip offset. Affected component: TIFF decoding path in golang.org/x/image/x/image/tiff. Root cause: decoding invalid TIFF data triggers a panic d...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/26 8:4 p.m.5 views

GO-2026-5066 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.8 views

PT-2026-52971

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder can panic when processing an invalid image that contains an out-of-bounds strip offset. A panic is a critical error that causes a program to cra...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References13
osv
osv
added 2026/06/25 10:34 p.m.5 views

GO-2026-5752 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik

Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik...

10CVSS5.8AI score0.00591EPSS
Exploits2References4
redhatcve
redhatcve
added 2026/06/24 3:19 p.m.8 views

CVE-2025-61020

A flaw was found in openlink virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements to the sqlostripinjoin component. This can lead to a Denial of Service DoS, making the service unavailable to legitimate users...

7.5CVSS5.8AI score0.00482EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/23 7:10 p.m.39 views

CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

7.8CVSS0.00591EPSS
Exploits2References4
nvd
nvd
added 2026/06/23 6:18 p.m.13 views

CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS0.00153EPSS
Exploits1References1
osv
osv
added 2026/06/23 5:47 p.m.1 views

CVE-2026-52846 Caddy: stripHTML template function bypass

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.9AI score0.00153EPSS
Exploits1References3
nvd
nvd
added 2026/06/23 5:16 p.m.9 views

CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.00482EPSS
Exploits0References4
osv
osv
added 2026/06/23 5:16 p.m.6 views

UBUNTU-CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61020

An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

5.9AI score0.00482EPSS
Exploits0References1
Rows per page
Query Builder