
60485 matches found

OSV
added 2026/03/18 10:3 p.m., 3 views

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, the extract function in gzip.js constructs file-write paths using fs.createWriteStream(path.join(exportPath, header.name)). path.join does not resolve or sanitise traversal segments...

CVSS 9.9, AI score 5.7, EPSS 0.00432
Exploits: 1, References: 3
CVE
added 2026/03/18 9:44 p.m., 16 views

CVE-2026-4407

The CVE-2026-4407 issue affects Xpdf 4.06 and earlier, caused by an out-of-bounds array write stemming from incorrect validation of the “N” field in ICCBased color spaces. The vulnerability is rooted in input validation for ICCBased color space handling, leading to potential memory access issues....

CVSS 2.1, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 1
Debian CVE
added 2026/03/18 9:44 p.m., 3 views

CVE-2026-4407

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

CVSS 2.1, AI score 5.3, EPSS 0.00143
Exploits: 0
OSV
added 2026/03/18 9:16 p.m., 3 views

DEBIAN-CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 7.5, AI score 5.2, EPSS 0.00475
Exploits: 0, References: 1
UbuntuCve
added 2026/03/18 9:16 p.m., 3 views

CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 7.5, AI score 5.9, EPSS 0.00475
Exploits: 0, References: 5
Debian CVE
added 2026/03/18 8:39 p.m., 5 views

CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 7.5, AI score 5.2, EPSS 0.00475
Exploits: 0
ATTACKERKB
added 2026/03/18 8:39 p.m., 7 views

CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 5.3, AI score 5.8, EPSS 0.00475
Exploits: 0, References: 4, Affected Software: 1
AlpineLinux
added 2026/03/18 8:39 p.m., 1 views

CVE-2026-32636

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...

CVSS 7.5, AI score 5.8, EPSS 0.00475
Exploits: 0
OSV
added 2026/03/18 8:16 p.m., 3 views

UBUNTU-CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

CVSS 8.8, AI score 6.3, EPSS 0.00409
Exploits: 0, References: 4
OSV
added 2026/03/18 8:1 p.m., 3 views

GHSA-8QVF-MR4W-9X2C Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary: A Path Traversal vulnerability allows any user or attacker supplying an untrusted state_token through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

CVSS 10, AI score 5.9, EPSS 0.00713
Exploits: 1, References: 5
Github Security Blog
added 2026/03/18 8:1 p.m., 6 views

Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary: A Path Traversal vulnerability allows any user or attacker supplying an untrusted state_token through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

CVSS 10, AI score 5.9, EPSS 0.00713
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2026/03/18 7:49 p.m., 3 views

GHSA-MWXC-M426-3F78 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Reported: 2026-03-08
Status: patched and released in version 3.5.3 of @apostrophecms/import-export

Product

| Field | Value |
|---|---|
| Repository | apostrophecms/apostrophe monorepo |
| Affected Package | @apostrophecms/import-export |
| Affected File |...

CVSS 9.9, AI score 5.8, EPSS 0.00432
Exploits: 1, References: 2
EUVD
added 2026/03/18 7:49 p.m., 4 views

EUVD-2026-12978

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction...

CVSS 9.9, AI score 5.8, EPSS 0.00432
Exploits: 1, References: 1
Github Security Blog
added 2026/03/18 7:49 p.m., 10 views

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Reported: 2026-03-08
Status: patched and released in version 3.5.3 of @apostrophecms/import-export

Product

| Field | Value |
|---|---|
| Repository | apostrophecms/apostrophe monorepo |
| Affected Package | @apostrophecms/import-export |
| Affected File |...

CVSS 9.9, AI score 5.8, EPSS 0.00432
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2026/03/18 6:53 p.m., 165 views

Exploit for Out-of-bounds Write in Apple Ipados

CVE-2025-24257 IOGPUFamily bitmapmask underflow — kernel h...

CVSS 7.1, AI score 5.8, EPSS 0.00241
Exploits: 1
EUVD
added 2026/03/18 6:31 p.m., 3 views

EUVD-2026-12892

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure. If a read/write request goes through io_req_rw_cleanup and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iov...

AI score 5.7, EPSS 0.001
Exploits: 0, References: 3
EUVD
added 2026/03/18 6:31 p.m., 4 views

EUVD-2026-12904

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io. ------------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70...

AI score 5.7, EPSS 0.00112
Exploits: 0, References: 4
EUVD
added 2026/03/18 6:31 p.m., 5 views

EUVD-2026-12868

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

AI score 5.9, EPSS 0.00406
Exploits: 0, References: 5
NVD
added 2026/03/18 6:16 p.m., 5 views

CVE-2026-23267

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes. During SPO tests, when mounting F2FS, an -EINVAL error was returned from f2fs_recover_inode_page. The issue occurred under th...

CVSS 5.5, EPSS 0.00114
Exploits: 0, References: 6
NVD
added 2026/03/18 6:16 p.m., 4 views

CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure. If a read/write request goes through io_req_rw_cleanup and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iov...

CVSS 5.5, EPSS 0.001
Exploits: 0, References: 2