Lucene search
K

228 matches found

RedhatCVE
RedhatCVE
added 2026/07/07 12:38 a.m.5 views

CVE-2026-14604

A flaw was found in Open Asset Import Library Assimp. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. Mitigation To...

6.5CVSS6AI score0.00233EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51521

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.4 through 0.7.x Description An authorization bypass in the API role handling allows unauthenticated access to privileged '/api/system/' endpoints. Because system resolves to the cron admin identity, attackers can invok...

10CVSS5.9AI score0.00408EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/22 12:11 p.m.8 views

CVE-2026-56378

A vulnerability in ImageMagick allows attackers to crash the application or expose system data if a maliciously crafted Picture CD PCD file is processed. Mitigation Avoid processing untrusted PCD Picture CD image files with ImageMagick. Applications that utilize ImageMagick for image processing...

8.2CVSS5.9AI score0.00223EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS0.0018EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/16 6:32 p.m.3 views

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS6AI score0.0018EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/16 6:32 p.m.26 views

CVE-2026-47747 stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS0.0018EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 6:32 p.m.17 views

CVE-2026-47747

The CVE affects stable-diffusion.cpp, a pure C/C++ library for running diffusion model inference. The vulnerability lies in the pickle .ckpt parser in src/model.cpp within versions prior to master-584-0a7ae07, where a heap-based overflow could occur in the BINUNICODE opcode handler due to sign co...

7.8CVSS5.7AI score0.0018EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/16 5:23 p.m.3 views

CVE-2026-47749 stable-diffusion.cpp: Heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...

7.8CVSS6.5AI score0.00203EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49829

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the BINUNICODE opcode handler. This occurs due to sign confusion on the opcode length field, wher...

7.8CVSS6AI score0.0018EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/21 9:32 p.m.15 views

Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory

Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parsenotebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...

6AI score0.00011EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/20 11:2 p.m.20 views

CVE-2026-9150

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption a...

6.5CVSS6.1AI score0.00399EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/20 10:28 p.m.17 views

CVE-2026-9149

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repoaddsolv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could...

6.5CVSS5.9AI score0.00291EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

6.8CVSS6.3AI score0.01608EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/05/19 11:44 p.m.150 views

eip-search

Exploit Intel Platform CLI Search Tool Package/command: eip-...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 3:56 p.m.13 views

CVE-2026-6664

A flaw was found in PgBouncer. An integer overflow in the network packet parsing code allows an unauthenticated remote attacker to bypass a boundary check by sending a malformed SCRAM authentication packet. This can lead to a crash, resulting in a Denial of Service DoS for the PgBouncer instance...

7.5CVSS5.9AI score0.00698EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 4:23 p.m.11 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...

7CVSS6.3AI score0.00606EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 1:54 a.m.8 views

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

7.5CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/05 8:58 a.m.11 views

CVE-2026-41680

A flaw was found in marked, a markdown parser and compiler. An unauthenticated attacker can exploit this Denial of Service DoS vulnerability by providing a specific 3-byte input sequence a tab, a vertical tab, and a newline. This input triggers an infinite recursion loop during parsing, leading t...

8.7CVSS5.8AI score0.00342EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/04 9:49 a.m.8 views

CVE-2026-5654

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause the application to crash by exploiting an issue within the AMR-NB codec. Successful exploitation leads to a denial of service, which prevents Wireshark from functioning and analyzing network traffic. Mitigation To...

7.5CVSS5.8AI score0.00206EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/25 11:9 a.m.8 views

CVE-2026-41314

A flaw was found in pypdf, a pure-Python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that accesses an image using /FlateDecode with large size values. This can lead to memory exhaustion, resulting in a Denial of Service DoS for the system processing th...

6.5CVSS5.4AI score0.00226EPSS
Exploits0References7
Rows per page
Query Builder