Lucene search
+L
AlpinelinuxRecent

13035 matches found

alpinelinux
alpinelinux
added 2026/02/20 10:23 p.m.3 views

CVE-2026-2048

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS7.6AI score0.00622EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/20 10:10 p.m.2 views

CVE-2026-0797

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.01157EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/20 8:52 p.m.2 views

CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

9.8CVSS5.9AI score0.02213EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/02/20 2:33 a.m.4 views

CVE-2026-26993

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...

5.4CVSS6AI score0.0028EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/02/20 1:7 a.m.7 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.7AI score0.00288EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/02/20 12:26 a.m.5 views

CVE-2026-26967

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

9.3CVSS5.6AI score0.0029EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/19 10:27 p.m.6 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS5.5AI score0.00197EPSS
Exploits2References3
alpinelinux
alpinelinux
added 2026/02/19 9:22 p.m.4 views

CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

7.5CVSS6.1AI score0.00447EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/19 9:15 p.m.6 views

CVE-2026-26314

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth...

8.7CVSS6.1AI score0.0058EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/19 9:7 p.m.4 views

CVE-2026-26313

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

7.5CVSS6.1AI score0.00578EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/19 7:28 p.m.8 views

CVE-2026-26203

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked...

6.5CVSS5.7AI score0.00101EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/18 9:39 p.m.4 views

CVE-2026-2650

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.00493EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/18 9:39 p.m.4 views

CVE-2026-2648

Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Chromium security severity: High...

8.8CVSS5.9AI score0.00481EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/18 9:39 p.m.4 views

CVE-2026-2649

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.7AI score0.00642EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/18 8:28 p.m.4 views

CVE-2025-12343

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...

5.5CVSS6.9AI score0.00149EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/18 5:45 p.m.7 views

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS6.5AI score0.0079EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/02/18 2:17 p.m.5 views

CVE-2026-27100

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...

4.3CVSS5.6AI score0.00333EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/02/18 2:17 p.m.5 views

CVE-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS5.1AI score0.00505EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/02/18 2:36 a.m.4 views

CVE-2026-27171

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

5.5CVSS5.4AI score0.00204EPSS
Exploits1References5
alpinelinux
alpinelinux
added 2026/02/17 6:53 p.m.4 views

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5CVSS6.6AI score0.00498EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/16 8:54 p.m.7 views

CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

7.5CVSS5.9AI score0.00295EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/16 2:13 p.m.3 views

CVE-2026-2447

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...

8.8CVSS6AI score0.006EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2026/02/16 2:13 p.m.13 views

CVE-2026-2032

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/13 7:18 p.m.4 views

CVE-2026-26269

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in specialkeys in...

7.5CVSS5.9AI score0.00284EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2026/02/13 6:27 p.m.4 views

CVE-2026-2441

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.2202EPSS
Exploits12
alpinelinux
alpinelinux
added 2026/02/12 9:37 p.m.3 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.4AI score0.00364EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 8:1 p.m.14 views

CVE-2026-25949

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

7.5CVSS5.7AI score0.00709EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/02/12 7:6 p.m.6 views

CVE-2026-24044

Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...

9.2CVSS5.6AI score0.00278EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 1:0 p.m.40 views

CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS5.8AI score0.00481EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 1:0 p.m.7 views

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS6.4AI score0.01079EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.01208EPSS
Exploits3
alpinelinux
alpinelinux
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.1AI score0.00785EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

4.3CVSS5.5AI score0.00281EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.5AI score0.00239EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/12 8:49 a.m.11 views

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

5.3CVSS5.4AI score0.00327EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/02/11 9:14 p.m.4 views

CVE-2026-26012

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References2
alpinelinux
alpinelinux
added 2026/02/11 8:56 p.m.7 views

CVE-2026-25994

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...

9.8CVSS5.7AI score0.01927EPSS
Exploits3
alpinelinux
alpinelinux
added 2026/02/11 8:53 p.m.6 views

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

8.6CVSS6.4AI score0.00367EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/02/11 6:8 p.m.4 views

CVE-2026-2319

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. Chromium security severity: Medium...

7.5CVSS5.6AI score0.00204EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 6:8 p.m.2 views

CVE-2026-2320

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0021EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 6:8 p.m.4 views

CVE-2026-2317

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.6AI score0.00199EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 6:8 p.m.4 views

CVE-2026-2316

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.6AI score0.00225EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 6:8 p.m.3 views

CVE-2026-2315

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.08272EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 3:27 p.m.7 views

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

4.4CVSS5.4AI score0.00101EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/11 3:19 p.m.3 views

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

8.8CVSS5.8AI score0.00199EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/02/10 9:42 p.m.5 views

CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

8.2CVSS5.8AI score0.00341EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/10 5:51 p.m.6 views

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS5.5AI score0.01015EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/10 5:4 p.m.15 views

CVE-2026-25646

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of...

8.3CVSS5.5AI score0.00955EPSS
Exploits1References55
alpinelinux
alpinelinux
added 2026/02/10 4:25 p.m.4 views

CVE-2025-31648

Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local...

3.9CVSS5.4AI score0.00133EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/02/10 2:32 p.m.4 views

CVE-2025-15571

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed public...

5.5CVSS5.5AI score0.00158EPSS
Exploits1References6
Total number of security vulnerabilities13035