Lucene search
+L
AlpinelinuxRecent

13035 matches found

alpinelinux
alpinelinux
added 2026/03/13 5:19 p.m.4 views

CVE-2026-29079

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/03/13 5:18 p.m.5 views

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/03/13 1:23 p.m.6 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5CVSS5.9AI score0.00435EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 9:30 p.m.5 views

CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.02EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 9:30 p.m.6 views

CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.01629EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/03/12 7:38 p.m.3 views

CVE-2026-32259

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...

6.7CVSS6AI score0.00096EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 7:35 p.m.3 views

CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2026/03/12 7:33 p.m.5 views

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2026/03/12 7:17 p.m.3 views

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.5CVSS5.8AI score0.00133EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 6:27 p.m.3 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

8.2CVSS6.3AI score0.0218EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 2:51 p.m.10 views

CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

9.4CVSS6AI score0.00502EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/12 12:0 a.m.29 views

CVE-2025-70873

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00177EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3941

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00166EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.3 views

CVE-2026-3940

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.3CVSS5.8AI score0.00163EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.3 views

CVE-2026-3938

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00171EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3934

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00187EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3931

Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.0025EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3929

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.9AI score0.00164EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.3 views

CVE-2026-3923

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.3 views

CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 10:4 p.m.3 views

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 7:15 p.m.4 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/11 5:9 p.m.2 views

CVE-2026-31853

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

5.7CVSS5.9AI score0.00093EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/11 3:54 p.m.2 views

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/11 3:50 p.m.8 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

7.2CVSS5.8AI score0.00235EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/03/11 10:9 a.m.7 views

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.8AI score0.00715EPSS
Exploits2References4
alpinelinux
alpinelinux
added 2026/03/11 10:9 a.m.31 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS5.8AI score0.00302EPSS
Exploits1References5
alpinelinux
alpinelinux
added 2026/03/11 10:9 a.m.5 views

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS5.8AI score0.00333EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/03/11 10:8 a.m.7 views

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS5.8AI score0.00259EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/10 8:34 p.m.4 views

CVE-2025-66413

Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...

7.4CVSS5.8AI score0.00268EPSS
Exploits1References2
alpinelinux
alpinelinux
added 2026/03/10 6:53 p.m.7 views

CVE-2026-23868

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible...

7CVSS5.8AI score0.00144EPSS
Exploits0References27
alpinelinux
alpinelinux
added 2026/03/10 5:5 p.m.1 views

CVE-2026-26130

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02818EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/10 5:5 p.m.1 views

CVE-2026-26127

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS6AI score0.02049EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/10 5:5 p.m.3 views

CVE-2026-26131

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00359EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/03/10 4:16 p.m.2 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.8AI score0.00364EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/03/10 4:15 p.m.4 views

CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS5.8AI score0.01657EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/03/10 3:3 p.m.4 views

CVE-2026-3847

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2...

8.8CVSS5.9AI score0.00308EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/10 3:3 p.m.4 views

CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

6.5CVSS5.8AI score0.00112EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/10 3:3 p.m.3 views

CVE-2026-3845

Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2...

8.8CVSS6AI score0.00442EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/09 9:50 p.m.3 views

CVE-2026-30937

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD X Windows encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of...

6.8CVSS6AI score0.00099EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:49 p.m.4 views

CVE-2026-30936

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operati...

5.5CVSS5.8AI score0.00106EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:48 p.m.4 views

CVE-2026-30935

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds rea...

4.4CVSS6AI score0.00105EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:47 p.m.4 views

CVE-2026-30931

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16...

7.8CVSS6AI score0.00108EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:46 p.m.2 views

CVE-2026-30929

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fix...

7.8CVSS6AI score0.00107EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:45 p.m.6 views

CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

7.8CVSS5.8AI score0.00123EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:42 p.m.6 views

CVE-2026-28693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

8.1CVSS5.8AI score0.00334EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:41 p.m.2 views

CVE-2026-28692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

4.8CVSS5.8AI score0.00258EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/03/09 9:40 p.m.2 views

CVE-2026-28691

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

7.5CVSS5.8AI score0.00353EPSS
Exploits0
Total number of security vulnerabilities13035