Lucene search
K

489 matches found

RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52761

A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...

5.8CVSS6AI score0.00438EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escap...

8.2CVSS6.1AI score0.00322EPSS
Exploits1References4
OSV
OSV
added 2026/06/20 2:16 a.m.9 views

DEBIAN-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6.1AI score0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/20 12:46 a.m.11 views

EUVD-2026-38103

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

6.1AI score0.00354EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/20 12:46 a.m.6 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6.1AI score0.00354EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 1:2 p.m.10 views

CVE-2026-11787 389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

5CVSS5.7AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 1:2 p.m.40 views

CVE-2026-11787

The CVE-2026-11787 entry concerns 389 Directory Server (389-ds-base). A heap buffer over-read occurs in the ldap_utf8prev() function when reading bytes before the start of a buffer during string filter parsing (via str2simple), which may influence internal filter processing behavior. Documented i...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References2Affected Software3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.22 views

Astra Linux – Vulnerability in libtomcrypt

In LibTomCrypt version 1.18.2, the derdecodeutf8string function located in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service such as out-of-bounds reads and crashes or to read information from other...

9.1CVSS6.5AI score0.03195EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mongo-c-driver

When calling bsonutf8validate on certain inputs, it is possible for an infinite loop to occur, with no way to exit. This issue affects All MongoDB C Driver versions prior to version 1.25.0...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:17 p.m.8 views

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/12 3:6 p.m.7 views

node-ral (=0.17.0), protobufjs (=6.1.0) +1 more potentially affected by CVE-2026-44293 via @protobufjs/utf8 (>=1.0.1 <=1.1.0)

@protobufjs/utf8 NPM version =1.0.1, =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/utf8 and may be impacted: - node-ral =0.17.0 - protobufjs =6.1.0 - protobufjs-mod =6.8.2 Source cves: CVE-2026-44293 Source advisory:...

8.8CVSS5.8AI score0.00392EPSS
Exploits0
Snyk
Snyk
added 2026/05/12 3:6 p.m.10 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a crafted descriptor with a malicious default value for a byte...

8.8CVSS6.1AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 10:42 p.m.38 views

CVE-2026-45130

Vim: Heap buffer overflow in read_compound() (src/spellfile.c) prior to 9.2.0450 when loading a crafted, UTF-8 spell file (.spl). An attacker-controlled length in the spell file’s compound section overflows a 32-bit signed multiplication, causing a small heap buffer to be allocated for a write lo...

6.6CVSS5.9AI score0.00248EPSS
Exploits1References4Affected Software2
Amazon
Amazon
added 2026/04/30 12:0 a.m.15 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

5.3CVSS5.5AI score0.00414EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2 : clamav1.4, --advisory ALAS2-2026-3276 (ALAS-2026-3276)

The version of clamav1.4 installed on the remote host is prior to 1.4.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3276 advisory. A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause ...

5.3CVSS5.4AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/04/23 3:10 p.m.5 views

JLSEC-2026-179

When calling bsonutf8validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0...

7.5CVSS6.7AI score0.01103EPSS
Exploits0References6
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS0.00143EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.30 views

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS0.00143EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 5:6 p.m.8 views

CLSA-2026-1776416477 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: fix out-of-bounds write in NewXMLTree/ConvertUTF16ToUTF8...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References1
Rows per page
Query Builder