Lucene search
+L

1185 matches found

osv
osv
added 2026/07/08 5:17 p.m.6 views

UBUNTU-CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References3
osv
osv
added 2026/07/08 4:16 p.m.5 views

UBUNTU-CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/07/08 3:47 p.m.5 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2026/07/02 10:12 a.m.17 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.9 views

PT-2026-54831

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement occurs in the '/customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure' endpoint. This allows an authenticated user with low privileges to retrieve...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References7
redhat
redhat
added 2026/06/29 9:51 a.m.5 views

github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

6.5CVSS6.1AI score0.00295EPSS
Exploits0References7
nessus
nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : python-pyasn1 (EulerOS-SA-2026-2504)

According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by...

7.5CVSS6.7AI score0.00803EPSS
Exploits1References2
nessus
nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : python-pyasn1 (EulerOS-SA-2026-2463)

According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by...

7.5CVSS5.9AI score0.00803EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/26 11:28 a.m.39 views

CVE-2026-57914 Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures

By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...

0.00294EPSS
Exploits0References1
cve
cve
added 2026/06/26 11:28 a.m.22 views

CVE-2026-57914

CVE-2026-57914 concerns Apache Kerby: parsing a deeply nested ASN.1 structure can trigger a StackOverflow, causing a denial of service. The impact is limited to DoS with availability impact reported; no remote code execution details are provided. The root cause is a vulnerability in the ASN.1 par...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in pyasn1

pyasn1 is a generic ASN.1 library for Python. Prior to version 0.6.3, the pyasn1 library was vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion during the decoding of ASN.1 data with deeply nested structures. An attacker could provide a crafted payload containing...

7.5CVSS6.7AI score0.00803EPSS
Exploits1References3
redhat
redhat
added 2026/06/23 8:6 p.m.11 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS
Exploits1References10
nvd
nvd
added 2026/06/19 5:16 p.m.13 views

CVE-2017-20268

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS0.0027EPSS
Exploits0References4
euvd
euvd
added 2026/06/19 4:11 p.m.7 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
nvd
nvd
added 2026/06/19 6:17 a.m.16 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS0.00107EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/19 3:0 a.m.8 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.5AI score0.00107EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
redhat
redhat
added 2026/06/11 1:24 p.m.8 views

openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2026/06/11 12:0 a.m.19 views

DNGBehaviorAnalyzer Telemetry-Based DNG/TIFF Metadata Parser and Anomaly Detection

This Python script provides a telemetry-driven analysis framework for inspecting Digital Negative DNG files through low-level TIFF metadata parsing and runtime event logging. The tool reads and validates TIFF headers, traverses Image File Directory IFD entries, and records parser activity using...

5.6AI score
Exploits0
packetstormnews
packetstormnews
added 2026/06/11 12:0 a.m.36 views

Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing

This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...

5.3AI score
Exploits0
Rows per page
Query Builder