Lucene search
K

487 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/15 3:17 p.m.6 views

CVE-2026-20202

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software2
Amazon
Amazon
added 2026/04/14 12:0 a.m.12 views

Medium: rust

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...

8.1CVSS5.9AI score0.00688EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32394

Name of the Vulnerable Software and Affected Versions MongoDB C Driver versions prior to 1.30.5 MongoDB C Driver version 2.0.0 MongoDB C Driver version 2.0.1 Description The bson validate function may return early on specific inputs and incorrectly report success. This behavior could result in...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31388

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem gb2312, and mem utf8 parameters...

7.5CVSS6.2AI score0.00599EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.21 views

CVE-2025-50665

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /webkeyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, memgb2312, and memutf8 parameters...

0.00599EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 10:22 p.m.27 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS0.00156EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 10:22 p.m.4 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS6AI score0.00156EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:3 a.m.3 views

CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

9.8CVSS6AI score0.00604EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/19 11:3 a.m.4 views

CVE-2006-10002

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters while SvPV gives...

9.8CVSS5.7AI score0.00604EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2006-10002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8...

9.8CVSS6AI score0.00604EPSS
Exploits0References3
OSV
OSV
added 2026/03/16 1:50 p.m.9 views

CLSA-2026-1773669005 compat-openssl11: Fix of CVE-2025-69419

CVE-2025-69419: fix heap buffer overflow in OPENSSLuni2utf8 via bmptoutf8...

7.4CVSS7.3AI score0.00444EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 7:14 a.m.29 views

CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...

8.7CVSS0.00552EPSS
Exploits0References3
NVD
NVD
added 2026/03/04 6:16 p.m.6 views

CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS0.00414EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 6:16 p.m.3 views

DEBIAN-CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS5.4AI score0.00414EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 9:38 a.m.6 views

CLSA-2026-1772098723 openssl: Fix of CVE-2025-69419

CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8...

7.4CVSS5.9AI score0.00444EPSS
Exploits1References1
OSV
OSV
added 2026/02/16 10:25 a.m.5 views

CLSA-2026-1771237525 Fix CVE(s): CVE-2025-69419

SECURITY UPDATE: check return code of UTF8putc - debian/patches/CVE-2025-69419.patch: add missing return code checks for UTF8putc in astrex.c and OPENSSLuni2utf8 in p12utl.c. - CVE-2025-69419...

7.4CVSS5.9AI score0.00444EPSS
Exploits1References1
Rosalinux
Rosalinux
added 2026/02/16 7:27 a.m.8 views

Advisory ROSA-SA-2026-3153

Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.1 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv31 affected versions libtomcrypt-1.18.2-5.0.1.1.rv31 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...

9.1CVSS7.1AI score0.03195EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.10 views

Fedora 42 : xorgxrdp / xrdp (2026-b409dad73e)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b409dad73e advisory. Release notes for xrdp v0.10.5 2026/01/27 Security fixes - CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based...

9.8CVSS5.5AI score0.01318EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.5 views

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:0360-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0360-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in...

7.5CVSS6.7AI score0.00844EPSS
Exploits1References22
OSV
OSV
added 2026/01/28 9:37 a.m.7 views

SUSE-SU-2026:0312-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in BIOflinebuffer on short writes bsc1256834. - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with...

9.8CVSS6.1AI score0.47621EPSS
Exploits7References17
Rows per page
Query Builder