2620 matches found

NVD
added 5 hours ago, 4 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5 CVSS
Exploits: 0 | References: 1

ATTACKERKB
added 6 hours ago, 3 views

CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5 CVSS | 5.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 14 hours ago, 8 views

ROOT-OS-UBUNTU-2404-CVE-2026-43495 CVE-2026-43495 in rootio-linux - Patched by Root

Root has patched CVE-2026-43495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.8 CVSS | 5.8 AI score | 0.00272 EPSS
Exploits: 0

OSV
added 14 hours ago, 4 views

ROOT-OS-UBUNTU-2404-CVE-2025-38190 CVE-2025-38190 in rootio-linux - Patched by Root

Root has patched CVE-2025-38190 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5 CVSS | 7.8 AI score | 0.00164 EPSS
Exploits: 0

Circl
added yesterday, 7 views

CVE-2026-43707

creationtimestamp | type | source
---|---|---
2026-06-30 10:00:53+00:00 | seen | https://thehackernews.com/2026/06/apple-patches-30-ios-macos-safari-flaws.html
2026-07-01 01:00:45+00:00 | seen | https://thehackernews.com/2026/06/apple-patches-30-ios-macos-safari-flaws.html
2026-07-01 02:51:35+00:00 | ...

6.5 CVSS | 6 AI score | 0.00164 EPSS
Exploits: 0 | References: 3

OSV
added 3 days ago, 3 views

DEBIAN-CVE-2026-58050

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

7.5 CVSS | 6 AI score | 0.00311 EPSS
Exploits: 0 | References: 1

NVD
added 3 days ago, 11 views

CVE-2026-58050

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3 CVSS | 0.00311 EPSS
Exploits: 0 | References: 3

CVE
added 3 days ago, 39 views

CVE-2026-58050

CVE-2026-58050 affects libssh2 up to 1.11.1. The publickey subsystem reads an attacker-controlled 32-bit attribute count and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking. On 32-bit platforms, this multiplication can overflow, producing an under...

8.3 CVSS | 6 AI score | 0.00311 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 3 days ago, 31 views

CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3 CVSS | 0.00311 EPSS
Exploits: 0 | References: 3

Debian CVE
added 3 days ago, 5 views

CVE-2026-58050

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...

8.3 CVSS | 6 AI score | 0.00311 EPSS
Exploits: 0

Positive Technologies
added 3 days ago, 9 views

PT-2026-53082

Name of the Vulnerable Software and Affected Versions: libssh2 versions prior to 1.11.2. Description: An integer overflow occurs when the software reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response. This value is used in the allocation num_attrs * sizeof(libssh2...

8.3 CVSS | 6 AI score | 0.00311 EPSS
Exploits: 0 | References: 9

EUVD
added 5 days ago, 6 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3 CVSS | 5.8 AI score | 0.0027 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 5 days ago, 6 views

CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

7.4 CVSS | 5.8 AI score | 0.00326 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 5 days ago, 5 views

EUVD-2026-39667

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions...

8.5 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 5 days ago, 10 views

CVE-2026-53199

A flaw was found in the Linux kernel's Hyper-V network virtual service client (hv_netvsc) component. This vulnerability occurs in the netvsc_copy_to_send_buf function, where incorrect memory mapping of page buffer entries can lead to a system fault. Specifically, on 32-bit x86 systems with high memory...

7.5 CVSS | 6 AI score | 0.0053 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 5 days ago, 11 views

PT-2026-52832

Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 30.0.1. Description: A SQL Injection issue exists that allows attackers with contributor-level permissions to execute unauthorized database queries remotely. Recommendations: Update to a version newer than 30.0.0...

8.5 CVSS | 5.9 AI score | 0.00211 EPSS
Exploits: 0 | References: 3

NVD
added 6 days ago, 8 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

10 CVSS | 0.00345 EPSS
Exploits: 1 | References: 2

CVE
added 6 days ago, 13 views

CVE-2026-54917

CVE-2026-54917 affects SeaweedFS prior to 4.30. The S3 gateway and Iceberg REST catalog gateway construct routers with mux.NewRouter().SkipClean(true); when path cleaning is disabled, a .. segment in URLs can survive routing (example: GET /bucket-A/../evil-bucket/key) and be parsed as a valid buc...

10 CVSS | 5.9 AI score | 0.00345 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 6 days ago, 19 views

CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

7.8 CVSS | 0.00345 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 6 days ago, 11 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

7.8 CVSS | 5.9 AI score | 0.00345 EPSS
Exploits: 1 | References: 3 | Affected Software: 1