366309 matches found
CVE-2026-42568
CVE-2026-42568 affects YAMCS when LdapAuthModule is configured. The root cause is that the username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, enabling an authentication bypass (e.g., username=*) and potentially granting access to tokens for first matching ...
CVE-2026-47768
The Nebula Mesh advisory (GHSA-9PG3-25FQ-P6CC) details a vulnerability where an API key issued for an operator is exposed via a redirect URL after handleOperatorCreateAPIKey. Affected: all released Nebula Mesh versions up to v0.3.1. Root cause: after token mint, the raw 32-byte bearer token is pl...
CVE-2026-52726
Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-44693
Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...
CVE-2026-47734
Dulwich prior to 1.2.5 is vulnerable to an unbounded memory allocation in receive-pack when processing a crafted thin pack. A tiny push (~174 bytes) can declare a huge dest_size in the delta header, causing add_thin_pack / apply_delta to allocate hundreds of MB regardless of actual data. Impacted...
CVE-2026-53465
ImageMagick (affected prior to 7.1.2-25) contains a heap buffer overwrite in the SF3 encoder when encoding a multi-frame image. The issue, tracked as CVE-2026-53465, can impact availability (HIGH) with little-to-no confidentiality or integrity impact as per the provided metrics. The root cause is...
CVE-2026-53464
CVE-2026-53464 (ImageMagick) : A memory leak in the wand option parser occurs when invalid arguments are provided (pre-7.1.2-25). The issue is triggered locally by malformed wand options and results in a "Memory leak" with low attack complexity and no user interaction. The advisory states it has ...
CVE-2026-53463
CVE-2026-53463 affects ImageMagick's distort operation. When incorrect arguments are passed, a null pointer dereference can occur, potentially impacting availability. This issue is fixed in ImageMagick releases: 6.9.13-50 and 7.1.2-25. The CVSS metrics provided assign a Medium severity (score 4.3...
CVE-2026-53462
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-53461
ImageMagick contains an out-of-bounds heap write in the ICON decoder caused by an incorrect loop, affecting releases before 6.9.13-50 and 7.1.2-25. The vulnerability can lead to a crash (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is rated HIGH with network exploitation and no user interaction requi...
CVE-2026-53460
CVE-2026-53460 (ImageMagick) affects ImageMagick due to a missing check for maximum memory requests in AcquireAlignedMemory, which can trigger an out-of-Memory condition. Affected versions include pre-patch 6.9.13-50 and 7.1.2-25; patches fix in 6.9.13-50 and 7.1.2-25. The CVSS v3.1 base score is...
CVE-2026-47712
CVE-2026-47712 affects the Dulwich project (pure-Python Git implementation). The issue: porcelain.format_patch(outdir=...) derives patch file names from the commit subject, allowing a crafted subject to steer the created patch file outside the requested outdir. The root cause: get_summary previou...
CVE-2026-49219
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-49218
ImageMagick’s CVE-2026-49218 describes a policy bypass in the DCM decoder that could produce images with invalid dimensions, potentially causing crashes in other operations. Affected versions prior to 6.9.13-48 and 7.1.2-24 are vulnerable due to a missing check in the DCM decoder. The issue has b...
CVE-2026-48994
CVE-2026-48994 affects ImageMagick MAT decoder on 32-bit systems due to a missing check of a return value, leading to a heap buffer over-write. Affected versions prior to patch: 6.9.13-48 and 7.1.2-24; patches are available in those versions. CVSSv3.1 base score: 5.9 (Network, high complexity, no...
CVE-2026-48734
ImageMagick CVE-2026-48734 affects the MVG decoder and causes a stack overflow due to a missing depth or visited-set check. Affected versions are prior to 6.9.13-49 and 7.1.2-24. The issue can lead to denial of service with a crafted MVG file that exploits the stack overflow. The CVSS data indica...
CVE-2026-42305
Dulwich (pure-Python Git implementation) versions before 1.2.5 on Windows are vulnerable to an arbitrary file write via NTFS-hostile tree entries, causing remote code execution when cloning or checking out a malicious repository. Root cause: path-element validation allowed filenames that Windows ...
CVE-2024-21944
CVE-2024-21944 maps to an AMD SEV-SNP/ASP issue where SPD metadata can be improperly validated. Research show BadRAM-style exploits that can cause a memory module to misreport size, enabling a local attacker with ring0 or physical access to overwrite guest memory and compromise guest data integri...
CVE-2026-48733
ImageMagick suffers an infinite loop in subimage-search when processing a crafted image, potentially causing a denial of service. The vulnerability affects 6.9.13-49 and 7.1.2-24 before the patch; patched versions are 6.9.13-49 and 7.1.2-24. Attack vector is local with user interaction required; ...
CVE-2026-48724
ImageMagick (CVE-2026-48724) fixes a heap buffer underwrite in Floyd‑Steinberg depth dithering when processing images with a mask. Affected versions prior to 7.1.2-24 are vulnerable; the issue is patched in 7.1.2-24. CVSSv3.1 base score 5.5 (Medium) with Local attack vector, Low attack complexity...
CVE-2026-47166
Summary (CVE-2026-47166) ImageMagick’s distributed pixel cache server is vulnerable to a heap buffer over-read when a privileged, local attacker can connect to the magick -distribute-cache service. This flaw could lead to information disclosure (and potential DoS) in affected server processes. Th...
CVE-2026-47165
ImageMagick CVE-2026-47165 (and CVE-2026-47166) affect versions prior to 6.9.13-48 and 7.1.2-23 where the distributed pixel cache lacked a challenge–response authentication model, enabling local attackers with high privileges to access sensitive pixel data. Additionally, CVE-2026-47166 describes ...
CVE-2026-46693
Summary : CVE-2026-46693 affects ImageMagick’s distributed pixel cache server. A race condition can allow a privileged attacker who can connect to a magick -distribute-cache service to hijack a file descriptor in the server process. The issue is specifically tied to the distributed cache mechanis...
CVE-2026-42563
CVE-2026-42563 affects the Python package Dulwich (versions
CVE-2026-46692
CVE-2026-46692 affects ImageMagick via a heap buffer over-write in the distributed pixel cache server when a client connects to magick -distribute-cache. The CVE entry notes this vulnerability and states fixes have been applied in ImageMagick versions 6.9.13-48 and 7.1.2-23, addressing the issue....
CVE-2026-46559
ImageMagick CVE-2026-46559 is a JP2 encoder heap buffer over-write of a single byte triggered by certain options. Affected versions are 6.9.13-47 and earlier and 7.1.2-22 and earlier; patch applied in 6.9.13-48 and 7.1.2-23. This CVE has a CVSSv3.1 base score of 4.0 (Medium), with LOCAL attack ve...
CVE-2026-46557
ImageMagick (fx operation) is affected by CVE-2026-46557 due to a missing depth check that can cause a stack overflow when processing crafted inputs. Affected versions are pre-7.1.2-23 (and related Debian/OSV entries reference the same issue); the vulnerability is fixed in 7.1.2-23. Exploitation ...
CVE-2026-46521
CVE-2026-46521 affects ImageMagick: a heap buffer over-write in the MIFF encoder when using LZMA compression due to a missing check. Exploitation is local with low complexity and requires user interaction, potentially impacting availability. A patch is available: fixed in ImageMagick versions 6.9...
CVE-2026-42558
CVE-2026-42558 affects Xibo CMS (prior to 4.4.2). A vulnerability chain combining Stored XSS and an Iframe sandbox escape via the Data Connector Script in DataSet can be exploited by an authorized user who has DataSet permissions and the ability to add DataSets to layouts. The issue requires the ...
CVE-2026-46520
ImageMagick contains a vulnerability (CVE-2026-46520) where reading multiple images with differing dimensions can trigger an out-of-bounds heap write in the IPL decoder. Affected releases prior to the patch are 6.9.13-48 and 7.1.2-23; the issue is fixed in those versions. The CVSS metrics indicat...
CVE-2026-45664
ImageMagick (MNG coder) contains a vulnerability (CVE-2026-45664) that could allow reading more images than the list-limit policy, leading to excessive resource usage. The issue, caused by a missing check in the MNG coder, has been patched in ImageMagick versions 6.9.13-47 and 7.1.2-22. Affected ...
CVE-2026-46522
CVE-2026-46522 : ImageMagick’s MIFF decoder contains a missing input-length check in ReadMIFFImage, causing an infinite loop that can exhaust CPU. This affects pre-fix releases prior to 7.1.2.23 and 6.9.13-48. The issue’s impact is CPU exhaustion (availability) as described in multiple advisories...
CVE-2026-45624
CVE-2026-45624 affects ImageMagick; in versions prior to 6.9.13-47 and 7.1.2-22, a polynomial distortion can trigger an out-of-bounds over-read of 24 bytes when using specific arguments. The issue is a root-cause in the distortion implementation and can lead to information disclosure via a memory...
CVE-2026-45359
CVE-2026-45359 (ImageMagick) : A flaw in the connected-components operation arises from an invalid keep-top value, which can cause a heap buffer over-read. This affects ImageMagick versions prior to 6.9.13-48 and 7.1.2-22. The issue is mitigated by the patched releases 6.9.13-48 and 7.1.2-22. Upg...
CVE-2026-45358
CVE-2026-45358 concerns ImageMagick, where an off-by-one in the meta encoder can cause an out-of-bounds read of a single byte. Affected releases include 6.9.13-46, 7.1.2-21 and earlier; it has been patched in 6.9.13-47 and 7.1.2-22. Other CVEs in the related advisories (e.g., CVE-2026-42326, CVE-...
CVE-2026-42326
ImageMagick contains CVE-2026-42326: a heap buffer over-read in the IPTC encoder when handling input during IPTC output file writing. Affected are ImageMagick versions prior to 6.9.13-47 and 7.1.2-22. The issue has been patched in 6.9.13-47 and 7.1.2-22. Upgrade to those versions (or newer) to re...
CVE-2026-45031
CVE-2026-45031 affects ImageMagick via a missing check in the PSD decoder that could bypass the list-length resource policy when decoding PSD images. The issue is specifically noted for versions prior to 6.9.13-47 and 7.1.2-22, with a patch applied in those two release lines. Connected sources al...
CVE-2026-2049
CVE-2026-2049 is a heap-based buffer overflow in HDR file parsing within gegl (used by GIMP) caused by insufficient validation of the length of user-supplied data. This can lead to remote code execution when a user opens a malicious HDR file or visits a crafted page, as indicated by the CVSS vect...
CVE-2026-46523
CVE-2026-46523 : ImageMagick contains a use-after-free in the MSL decoder that can be triggered by a crafted MSL image. Affected builds prior to 7.1.2.23 and 6.9.13-48 are vulnerable; the issue is fixed in 7.1.2.23 and 6.9.13-48. The CVSS indicates a low attack complexity, local access, and high ...
CVE-2026-46625
CVE-2026-46625 concerns the JavaScript Cookie library (js-cookie) prior to 3.0.7. A per-instance prototype hijack occurs in the internal assign() when merging properties from a source object produced by JSON.parse that may include an own enumerable proto key. This polluted prototype leads to atta...
CVE-2026-45783
CVE-2026-45783 pertains to libp2p’s Kad-DHT (JavaScript) implementation. Before version 16.2.6, an unauthenticated remote peer can flood a server-mode Kad-DHT node with unbounded PUT_VALUE messages, whose keys bypass content validation, causing the node’s datastore to exhaust disk space and rende...
CVE-2026-46679
CVE-2026-46679 affects the JS implementation of libp2p gossipsub. Three omissions in the default gossipsub logic allow an unauthenticated peer to flood subscriptions and exhaust the Node.js heap, causing memory DoS and potential OOM. The issue arises from an unbounded this.topics map, unbounded p...
CVE-2026-11604
CVE-2026-11604 concerns OpenVPN ovpn-dco-win, where an incorrect buffer size calculation in the epoch key generator (versions 2.0.0–2.8.3) can be abused by a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, causing a denial ...
CVE-2026-0274
Technical details (affected products, versions, root cause, exploit information) are not publicly provided in the supplied documents. Monitor for updates from official advisories and NVD entries.
CVE-2026-0273
CVE-2026-0273 is a command injection vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to bypass system restrictions and execute arbitrary commands as root. The issue affects PAN-OS on PA-Series and VM-Series firewalls and Panorama , with access requir...
CVE-2026-0272
Technical details for CVE-2026-0272 are not publicly provided in the supplied documents beyond a general description of privilege escalation in PAN-OS CLI. Monitor for updates; no specifics on vulnerable component, affected versions, or fixes are present.
CVE-2026-0271
CVE-2026-0271 describes a privilege escalation vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux. A local user can execute code with elevated privileges, as indicated by the entry. Affected product: Prisma Access Agent (Linux). Impact per metrics: high impact to confidentia...
CVE-2026-0270
Palo Alto Networks Cortex XSOAR engine running on Linux is vulnerable to a path traversal issue that could allow an unauthenticated attacker in an adjacent network, via MITM-enabled interception of network responses, to write arbitrary files to the host. The vulnerability affects the Cortex XSOAR...
CVE-2026-0269
CVE-2026-0269 describes a memory corruption vulnerability in the tunnel traffic processing path of Palo Alto Networks PAN-OS software. An authenticated user can trigger system reboots by sending a maliciously crafted packet, and repeated attempts may cause the firewall to enter maintenance mode. ...
CVE-2026-0268
Prisma Access Agent for Linux contains a local authentication bypass that enables a local attacker to route traffic outside the VPN tunnel. The issue is limited to Linux; Windows, macOS, iOS, Android, and ChromeOS variants are not affected. The CVE entry notes a local attack vector with low privi...