Lucene search
+L
AlpinelinuxRecent

13058 matches found

AlpineLinux
AlpineLinux
added 2 days ago13 views

CVE-2026-45793

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS6.1AI score0.00519EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2 days ago2 views

CVE-2026-61866

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

7.5CVSS6.1AI score0.00187EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago4 views

CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago3 views

CVE-2026-61859

ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy...

4.8CVSS6.1AI score0.00131EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago4 views

CVE-2026-38754

A heap overflow in the ifsbreakup function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score0.0016EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago3 views

CVE-2026-38753

A use-after-free in the awksub function editors/awk.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AWK script...

7.5CVSS6.1AI score0.00145EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago3 views

CVE-2026-38755

A heap overflow in the evalcommand function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score0.0016EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 3 days ago3 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 3 days ago3 views

CVE-2026-54572

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

8.8CVSS6.1AI score0.00343EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 3 days ago3 views

CVE-2026-59732

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...

5CVSS6.1AI score0.00144EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 3 days ago6 views

CVE-2026-59884

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...

7.5CVSS6.1AI score0.00354EPSS
Exploits0
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-59885

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode call and c...

7.5CVSS6.1AI score0.00339EPSS
Exploits0
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS6.1AI score0.00339EPSS
Exploits0
AlpineLinux
AlpineLinux
added 3 days ago8 views

CVE-2026-15719

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 3 days ago6 views

CVE-2026-15718

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6...

4.3CVSS6.1AI score0.00156EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-57432

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

8.4CVSS6.2AI score0.00196EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 4 days ago3 views

CVE-2026-40553

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score0.00291EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago7 views

CVE-2026-40469

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score0.00213EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-40468

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score0.00201EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-40467

Use After Free vulnerability has been found in "io.c" program file of gawk dogetlineredir routine. This issue may lead to a crash. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score0.00213EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago3 views

CVE-2026-61861

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...

7.5CVSS6.2AI score0.00323EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-61870

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...

7.5CVSS6.1AI score0.00191EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago7 views

CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago3 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

6.5CVSS6.1AI score0.00173EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-61857

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...

7.5CVSS6.1AI score0.00265EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago6 views

CVE-2026-56372

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

9.1CVSS6.2AI score0.00198EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added last week10 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

9.8CVSS6.2AI score0.00698EPSS
Exploits1
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00539EPSS
Exploits1
AlpineLinux
AlpineLinux
added last week5 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS7AI score0.0069EPSS
Exploits1
AlpineLinux
AlpineLinux
added last week10 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS6.1AI score0.00526EPSS
Exploits1
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-53450

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score0.00287EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added last week3 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00176EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score0.00677EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added last week8 views

CVE-2026-8595

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00239EPSS
Exploits0
AlpineLinux
AlpineLinux
added last week6 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

7.5CVSS6.1AI score0.00397EPSS
Exploits0
AlpineLinux
AlpineLinux
added last week6 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-56366

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

6.5CVSS6.1AI score0.00169EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score0.0023EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/09 10:39 p.m.6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/07/09 10:37 p.m.10 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/09 10:34 p.m.6 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/09 4:14 p.m.5 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS6.4AI score0.01775EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/07/09 9:29 a.m.4 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS6AI score0.00115EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/09 9:29 a.m.5 views

CVE-2026-56288

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...

5.5CVSS6AI score0.00115EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/08 9:47 p.m.5 views

CVE-2026-15168

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

3.3CVSS6.1AI score0.00102EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/07/08 9:0 p.m.4 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2026/07/08 8:55 p.m.6 views

CVE-2026-15166

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/07/08 8:51 p.m.6 views

CVE-2026-15174

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00092EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/07/08 8:51 p.m.5 views

CVE-2026-15172

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References2
Total number of security vulnerabilities13058