206382 matches found
CVE-2026-54060
A flaw was found in Pillow, a Python imaging library. When processing a specially crafted font file, the library's font compilation function does not adequately check for excessive memory allocation. This oversight allows a remote attacker to trigger an unreasonable consumption of system memory,...
CVE-2026-54502
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without...
CVE-2026-54500
A flaw was found in Oj Optimized JSON, a Ruby gem. When parsing a specially crafted JSON object with a key 254 bytes or longer using Oj.load in :object mode, an attacker can trigger a read of uninitialized stack memory. This vulnerability, an out-of-bounds read CWE-125, can lead to information...
CVE-2026-54901
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...
CVE-2026-54898
A flaw was found in Oj, a Ruby library designed for efficient JSON JavaScript Object Notation parsing. This vulnerability, a heap use-after-free, occurs when a specific function, called a callback, modifies the input JSON string during the parsing process. This action can lead to the program...
CVE-2026-54902
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...
CVE-2026-54900
A flaw was found in Oj, a Ruby gem for JSON parsing. When processing a specially crafted JSON object key of a specific length 65,535 bytes in usual mode with createid enabled, an integer truncation vulnerability occurs. This leads to a negative size being passed to the memcpy function, causing he...
CVE-2026-54592
A flaw was found in Oj, a Ruby gem for JSON parsing. A remote attacker can exploit this vulnerability by providing a deeply nested JSON document. This can lead to a stack buffer overflow in the Oj::Doceachchild function, causing the process to abort and resulting in a denial of service DoS for th...
CVE-2026-54903
A flaw was found in Oj, an Optimized JSON JavaScript Object Notation parser for Ruby. This vulnerability allows a remote attacker to cause heap corruption and a denial of service DoS by providing a JSON string larger than 2 gigabytes GB. An integer overflow occurs when processing the string lengt...
CVE-2026-54897
A flaw was found in Oj Optimized JSON, a Ruby gem for parsing JSON. This vulnerability, categorized as a heap use-after-free CWE-416, occurs in the Oj::Doc iterators, specifically eachvalue, eachchild, and eachleaf. An attacker could exploit this when a Ruby code block, executed during iteration,...
CVE-2026-54896
A flaw was found in Oj Optimized JSON, a Ruby gem used for processing JSON data. This vulnerability occurs when the software attempts to serialize convert into a format for storage or transmission Exception objects with a very large indentation setting. The internal process for handling this...
CVE-2026-55380
A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit this vulnerability by providing a specially crafted GD 2.x image file. The GdImageFile.open function reads image dimensions without proper validation, leading to excessive memory allocation. This can result in a...
CVE-2026-54899
A flaw was found in Oj Optimized JSON, a Ruby gem for parsing JSON. When a Oj::Parser instance is reused and its symbolkeys setting is toggled from true to false, a heap use-after-free vulnerability occurs. This happens because the internal key cache is freed but its pointer is not cleared,...
CVE-2026-11610
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...
CVE-2026-14476
A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...
CVE-2026-14474
A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...
CVE-2026-55379
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted BDF font file. The library's image processing function fails to properly validate dimensions from the font file, bypassing a critical...
CVE-2026-14684
A flaw was found in HdrHistogram. A local attacker can exploit a vulnerability in the decodeFromByteBuffer function by manipulating the numberOfSignificantValueDigits argument. This manipulation leads to uncontrolled memory allocation, which can result in a Denial of Service DoS condition, making...
CVE-2026-8924
A flaw was found in curl's cookie parsing logic. A malicious HTTP server can exploit this by setting 'super cookies' that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl then transmits to unrelated third-party domains, leading to...
CVE-2026-14604
A flaw was found in Open Asset Import Library Assimp. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. Mitigation To...
CVE-2026-11352
A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...
CVE-2026-11586
A flaw was found in curl. A malicious server can exploit this vulnerability by sending rapid, sequential WebSocket PING messages. Due to a lack of an upper bound on memory allocation for unacknowledged frames, curl can be forced to exhaust all available memory, leading to a denial of service...
CVE-2026-12064
A flaw was found in curl. When a user invokes curl with a schemeless URL and specifies SFTP SSH File Transfer Protocol or SCP Secure Copy Protocol as the default protocol, the tool layer fails to initialize critical SSH security options. This bypasses host verification, allowing curl to connect t...
CVE-2026-14570
A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...
CVE-2026-8286
A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...
CVE-2026-8925
A flaw was found in curl. The logic handling SASL Simple Authentication and Security Layer authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker...
CVE-2026-8927
A flaw was found in libcurl. When reusing a libcurl handle for sequential transfers with environment-variable proxy configuration, the library does not properly clear the proxy authentication state. This oversight can lead to the unintended disclosure of Proxy-Authorization headers to an incorrec...
CVE-2026-8926
A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...
CVE-2026-9079
A flaw was found in curl. When libcurl is instructed to clear proxy authentication credentials, it fails to do so, leaving the old credentials available. This could lead to the unintended reuse of sensitive proxy authentication credentials for subsequent network transfers, potentially resulting i...
CVE-2026-8932
A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...
CVE-2026-13769
A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...
CVE-2026-9080
A flaw was found in libcurl. When curleasypause is called within the event-based CURLMOPTSOCKETFUNCTION callback, a use-after-free vulnerability is triggered. This occurs because libcurl attempts to store a flag using a pointer to memory that has already been freed. An attacker could potentially...
CVE-2026-9545
A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...
CVE-2026-9546
A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...
CVE-2026-14761
A flaw was found in radare2. This vulnerability, an integer overflow, exists within the rstrndup and rstrappend functions. A local attacker could exploit this flaw by manipulating these string handling operations, potentially leading to a denial of service DoS condition...
CVE-2026-14786
A flaw was found in radareorg radare2. A local attacker could exploit an integer overflow vulnerability in the rstrwordget0set function. This flaw could lead to a denial of service DoS, making the affected system or application unavailable to legitimate users...
CVE-2026-14758
A flaw was found in radareorg radare2. A local attacker can exploit an integer overflow vulnerability within the hexpairs parser, specifically in the cmdanalopcode function. This manipulation can lead to an integer overflow, potentially causing a denial of service DoS condition...
CVE-2026-14787
A flaw was found in radareorg radare2. A local user can exploit an integer overflow vulnerability by manipulating the cmdprint function in the libr/core/cmdprint.inc library. This manipulation causes an integer overflow, leading to a denial of service DoS...
CVE-2026-14789
A flaw was found in radare2. A local attacker can exploit a stack-based buffer overflow vulnerability in the Memory64ListStream Parser component by manipulating its functionality. This manipulation can lead to a denial of service DoS due to memory corruption...
CVE-2026-59089
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...
CVE-2026-9547
A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...
CVE-2026-56140
A flaw was found in the Apache Camel AWS SNS component camel-aws2-sns. An improper input validation vulnerability exists in the Sns2HeaderFilterStrategy due to a missing inbound filter rule. However, this component is producer-only, meaning it does not process external messages in a way that woul...
CVE-2026-55180
A flaw was found in pnpm and pacquet. A malicious repository could exploit this vulnerability by crafting specific .npmrc or pnpm-workspace.yaml files. When these package managers process these files, they improperly expand environment variable placeholders, leading to the disclosure of sensitive...
CVE-2026-50573
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass package integrity checks during the pnpm install process when operating in non-frozen mode. If a malicious package registry serves altered content for a locked package, pnpm may accept this new...
CVE-2026-50014
A flaw was found in pnpm, a package manager. An attacker could exploit this vulnerability by providing a malicious lockfile, which could lead to arbitrary code execution. This occurs because pnpm incorrectly processes git dependency information, allowing a crafted input to execute unauthorized...
CVE-2026-50017
A flaw was found in pnpm, a package manager. This vulnerability allows pnpm to send user-level unscoped npm authentication credentials to a registry specified by a repository-local .npmrc file. During normal pnpm operations, the user's authentication token, intended for their default registry, ca...
CVE-2026-55699
A flaw was found in pnpm, a package manager. When a malicious package with specially crafted manifest bin object keys such as "." or ".." is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This...
CVE-2026-55697
A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency a...
CVE-2026-55487
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...
CVE-2026-48995
A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to serve malicious software packages if the codeload.github.com server is compromised or a user's machine configuration is tampered with. The issue arises because pnpm does not verify the integrity of...