Lucene search
K

3033 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15551

CVE-2026-15551 : Samsung Open Source rlottie fraught with an integer overflow/ wraparound in the function gray_hline() , causing a heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size. Risk details: attacker-controlled input through a crafted animation; CVSS3...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-34196

CVE-2026-34196 concerns GPU-driver code: when non-privileged software makes improper GPU system calls, an integer overflow can cause two GPU virtual addresses to map to the same physical page. After freeing the first mapping and the physical page, the second mapping can be used to read/write to m...

7.8CVSS6.1AI score0.0015EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
OSV
OSV
added 2026/07/02 3:40 p.m.7 views

GHSA-XWW8-GQVH-92X9 OpenClaw: Exec approval display truncation could hide the command being approved

Summary OpenClaw exec approvals could show a shortened command in the approval UI while keeping the full original command for execution. For very long commands, an approver could see and approve a benign-looking prefix while a hidden suffix remained part of the command that would run after...

8CVSS5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

7.1CVSS5.9AI score0.00226EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.11 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.8 views

CVE-2026-53923

A flaw was found in vLLM. Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels leads to partial tensor processing. This results in the output tensor retaining previously used GPU memory, which, in multi-tenant inference deployments, can expose sensitive tensor data from other...

7.5CVSS5.7AI score0.00281EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across...

7.8CVSS6AI score0.00129EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with...

7.5CVSS6.1AI score0.00359EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware- supplied datasize is cast to signed int before being used...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:11 a.m.7 views

RDMA/umem: Fix truncation for block sizes >= 4G

...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
OSV
OSV
added 2026/06/26 2:16 a.m.5 views

ALPINE-CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.2AI score0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS0.00405EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.8 views

SUSE CVE-2026-53202

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

7.8CVSS6AI score0.00153EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39614

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5450 KubeVirt's authorization mechanism improperly truncates subresource names in kubevirt.io/kubevirt

KubeVirt's authorization mechanism improperly truncates subresource names in kubevirt.io/kubevirt...

5.4CVSS5.8AI score0.0015EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 p.m.4 views

UBUNTU-CVE-2026-6679

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This...

8.8CVSS6AI score0.00385EPSS
Exploits0References5
Rows per page
Query Builder