CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•6 views

CVE-2026-46602

The CVE affects the TIFF decoder in golang.org/x/image, where the tile size limit is not enforced. This can enable a malicious or corrupted TIFF image with very large tiles to drive unbounded memory consumption. The provided documents describe the vulnerability and its impact; they do not specify...

5.9AI score

Tenable Nessus•added 3 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-9029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before...

7.3CVSS5.9AI score0.00296EPSS

NVD•added 4 days ago•8 views

CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS0.00296EPSS

OSV•added 4 days ago•2 views

UBUNTU-CVE-2026-9029

7.3CVSS5.9AI score0.00296EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-38243

7.3CVSS6.7AI score0.1546EPSS

Positive Technologies•added 4 days ago•11 views

PT-2026-51321

7.3CVSS5.9AI score0.00296EPSS

Exploits0References6

AstraLinux•added last week•7 views

Astra Linux – Vulnerability in openexr

A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...

6.1CVSS6.9AI score0.0079EPSS

AstraLinux•added last week•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: Verisilicon: AV1 – Fix for the tile info buffer size. Each tile info consists of: rowsb, colsb, startpos, and endpos 4 bytes each. Therefore, the total memory required is AV1MAXTILES 16 bytes. Use the correct define to...

7.8CVSS5.8AI score0.00138EPSS

AstraLinux•added last week•3 views

Astra Linux – Vulnerability in Zabbix

Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...

5.5CVSS5.6AI score0.62046EPSS

Cvelist•added 2026/06/15 7:15 p.m.•29 views

CVE-2026-52718 Gstreamer1-plugins-bad-free: gstreamer: denial of service via av1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS0.00307EPSS

Redos•added 2026/06/15 12:0 a.m.•5 views

ROS-20260615-73-0038

The vulnerability of the progressivedecompresstileupgrade function in the RDP client FreeRDP is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failure...

6.5CVSS4.8AI score0.00252EPSS

Exploits0

SUSE Linux•added 2026/06/12 2:0 p.m.•6 views

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issue CVE-2026-42050: stack buffer overflow in XTileImage bsc1265048. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

5.5CVSS5.5AI score0.0013EPSS

Exploits0References4

Amazon•added 2026/06/08 12:0 a.m.•6 views

Important: libheif

Issue Overview: libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap...

8.8CVSS5.5AI score0.00446EPSS

Exploits1

OSV•added 2026/06/05 3:18 p.m.•8 views

JLSEC-2026-572

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.3AI score0.00446EPSS

Exploits1References2

OSV•added 2026/05/29 2:22 p.m.•5 views

CLSA-2026-1780061802 Fix CVE(s): CVE-2026-42050

SECURITY UPDATE: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when right-clicking a tile to invoke the Load / Update menu item - debian/patches/CVE-2026-42050.patch: fix stack-based buffer overflow in XTileImage triggered by a malicious MIFF file when...

5.5CVSS6.1AI score0.0013EPSS

SUSE CVE•added 2026/05/27 4:17 a.m.•2 views

SUSE CVE-2023-29452

Currently, geomap configuration Administration - General - Geographical maps allows using HTML in the field “Attribution text” when selected “Other” Tile provider...

5.5CVSS6AI score0.62046EPSS