206772 matches found
CVE-2026-59197
A flaw was found in Pillow prior to 12.3.0. The public RankFilter API can trigger a native heap out-of-bounds write when given a very large odd filter size. ImageFilter.RankFilter.filter calls image.expandsize // 2, size // 2 before rank-filter size validation, and ImagingExpand computes output...
CVE-2026-15945
A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions FGAP v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group the...
CVE-2026-43731
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...
CVE-2026-43745
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper input validation, resulting in an unexpected process crash...
CVE-2026-43740
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, leading to disclosure of process memory...
CVE-2026-43742
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43734
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43732
A flaw was found in WebKitGTK. Processing maliciously crafted web content can disclose sensitive user information due to a path handling issue that was addressed with improved validation...
CVE-2026-43727
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43721
A flaw was found in WebKitGTK. A malicious website can silently hijack clipboard data due to improper state management...
CVE-2026-43726
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43713
A flaw was found in WebKitGTK. Visiting a website can leak sensitive data due to a permissions issue that was addressed with additional restrictions...
CVE-2026-43712
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-43720
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43716
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-43707
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger memory corruption due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-43676
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds read due to improper bounds checking, resulting in an unexpected process crash...
CVE-2026-43699
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43663
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-39872
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-43715
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...
CVE-2026-43725
A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper input validation, potentially allowing access to resources that should be restricted...
CVE-2026-43701
A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper checks, potentially allowing access to resources that should be restricted...
CVE-2026-43705
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a type confusion due to improper checks, leading to memory corruption...
CVE-2026-33382
A flaw in Grafana's API endpoints allows remote attackers to send excessively large request bodies without authentication. This exhausts server memory, resulting in a complete denial of service DoS. Mitigation Deploy a reverse proxy or API gateway e.g., Nginx in front of Grafana configured to...
CVE-2026-59884
A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...
CVE-2026-8609
A flaw was found in Grafana. An unauthenticated attacker can repeatedly access the OAuth login route with unique values. This can lead to unbounded memory growth, eventually exhausting system memory and causing the Grafana instance to crash. This results in a denial of service for legitimate user...
CVE-2026-5674
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...
CVE-2026-30623
A flaw was found in LiteLLM. This vulnerability allows a remote attacker to execute arbitrary operating system commands on the host where LiteLLM is running. This is possible because the application's MCP server creation functionality processes JSON configurations that can include unvalidated...
CVE-2026-38974
A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...
CVE-2026-58659
A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...
CVE-2026-60082
A flaw was found in perl-DBI, a database interface for Perl. This vulnerability arises when the DBI library processes inconsistent data, specifically when a statement handle lacks fields but is associated with a non-empty data row. This inconsistency can cause the internal row-buffer to attempt...
CVE-2026-60081
A flaw was found in DBI::ProfileData, a Perl module. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a specially crafted input. The flaw exists because the software does not properly limit the path index when processing profile dump files, which can lead to...
CVE-2026-15043
A flaw was found in DBI::SQL::Nano, a mini-SQL engine for Perl. This vulnerability occurs because the engine incorrectly evaluates SQL operators for text comparisons, specifically inverting the logic for "less than or equal to" and "greater than or equal to" operations. This can lead to...
CVE-2026-15392
A flaw was found in DBD::File. The completetablename method, responsible for building absolute table file paths, does not verify if the file is a symbolic link. This oversight allows a local attacker to create a symbolic link within the data directory that points to an arbitrary file outside of t...
CVE-2026-45363
A flaw was found in ruby-jwt, a Ruby implementation of the RFC 7519 OAuth JSON Web Token JWT standard. A remote attacker can exploit this vulnerability by crafting a malicious token that is accepted due to an empty key being used in the HMAC Hash-based Message Authentication Code digest calculati...
CVE-2026-54058
A flaw was found in Pillow prior to 12.3.0. When an uncompressed McIdas AREA image is loaded from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width. Pixel access such as Image.tobytes, getpixel, convert, or save ca...
CVE-2026-59199
A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit a vulnerability in the library's image processing functions, specifically when handling image coordinates near certain limits. This flaw, a native heap out-of-bounds write, could lead to a denial of service DoS,...
CVE-2026-59200
A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit a vulnerability in the PdfParser.PdfStream.decode function when processing a crafted FlateDecode PDF stream. By providing a specially designed PDF file, the attacker could cause the application to exhaust...
CVE-2026-8595
A flaw in Grafana allows authenticated 'Editor' users to inject malicious scripts into a table panel's field names. Viewing the compromised dashboard executes the script in the victim's browser, risking data theft or client-side attacks...
CVE-2026-61863
A flaw was found in ImageMagick. When processing a Tagged Image File Format TIFF image, a small memory leak can occur if the TIFF encoder is unable to create a temporary file. This can lead to a gradual consumption of system memory, potentially impacting the availability of the application...
CVE-2026-61872
A flaw was found in ImageMagick. A local user can exploit this vulnerability by supplying malformed tile geometry parameters to the TIFF encoder. This can cause a memory leak, preventing allocated memory from being released. The primary consequence is increased memory consumption, which may lead ...
CVE-2026-61859
A flaw was found in ImageMagick. A local attacker with low privileges can exploit a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows the attacker to read files from paths that are otherwise disallowed by the configured security policy, leadin...
CVE-2026-61868
A flaw was found in ImageMagick. A remote attacker could exploit a memory leak in the YUV decoder when processing a specially crafted image file. Repeatedly triggering this flaw can lead to resource exhaustion, resulting in a denial of service for the application. Mitigation Do not process...
CVE-2026-61871
A flaw was found in ImageMagick. A remote attacker could exploit a memory leak in the ICON decoder by providing a specially crafted ICON file. When the file is processed, a memory allocation failure occurs, leading to memory exhaustion. This can result in a denial of service DoS, making the...
CVE-2026-61866
A flaw was found in ImageMagick. A memory leak vulnerability exists in the JNG JPEG Network Graphics encoder when the application fails to open a blob. A remote attacker could exploit this by providing specially crafted malformed JNG files, leading to resource exhaustion and a denial of service D...
CVE-2026-61864
A flaw was found in ImageMagick. When processing image transformations to the log colorspace, a memory leak can occur if the operation fails. This vulnerability, which can be triggered by a local attacker without requiring special privileges or user interaction, may lead to a denial of service du...
CVE-2026-61862
A flaw was found in ImageMagick. When a user displays an image profile using the identify command with debug output enabled, a vulnerability allows for information disclosure. This occurs due to an out-of-bounds read, where a single byte beyond the profile's boundary can be unintentionally printe...
CVE-2026-61869
A flaw was found in ImageMagick. A memory leak in the Magick Image File Format MIFF encoder can occur when the software attempts to process an image and a memory allocation fails. This vulnerability allows an attacker to cause a denial of service DoS by exhausting system resources. Mitigation Do...
CVE-2026-61860
A flaw was found in ImageMagick. This vulnerability, a use-after-free, occurs when the freetype library fails to initialize, causing the software to continue processing with freed memory. A remote attacker could exploit this during image processing, leading to a denial of service DoS condition,...