Search Results (46116 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-71351 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-06-22 N/A
picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called.
CVE-2026-56403 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in storeAtts.
CVE-2026-56404 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in addBinding.
CVE-2026-56405 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in getAttributeId.
CVE-2026-56406 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
CVE-2026-56411 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
CVE-2026-48138 1 Ni 2 Grpc-device, Instrumentstudio 2026-06-22 7.5 High
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
CVE-2026-56410 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
CVE-2026-56409 1 Libexpat Project 1 Libexpat 2026-06-22 6.5 Medium
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
CVE-2026-56408 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in copyString.
CVE-2026-56407 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
CVE-2026-3195 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openshift 2026-06-22 7.4 High
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.
CVE-2026-3196 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openshift 2026-06-22 5.5 Medium
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.
CVE-2026-44663 1 Academysoftwarefoundation 1 Openexr 2026-06-22 6.1 Medium
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. decode->channels[i].width (int32_t) is multiplied by bytes_per_element in 32-bit signed arithmetic. With large widths (e.g., >= 536870912 for FLOAT data), this overflows, producing a corrupted offset that is later used for pointer arithmetic and can cause a heap out-of-bounds write. The same unchecked multiplication pattern appears in two other HTJ2K paths (bytes-per-line accumulation and pixel-line pointer advancement). As with related CVE-2026-34378 through CVE-2026-34589 fixes in other codecs, validating only after the multiplication is too late because the value may already be overflowed. This issue has been fixed in version 3.4.12.
CVE-2026-9265 1 Jonasbn 1 Crypt::openssl::pkcs12 2026-06-22 9.1 Critical
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
CVE-2026-49252 1 Deepstreamio 1 Deepstream.io 2026-06-22 9.9 Critical
deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5.
CVE-2026-49336 1 Microsoft 1 Kiota-typescript 2026-06-22 N/A
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from cross-origin redirect targets, but the default `scrubSensitiveHeaders` callback in `RedirectHandlerOptions` uses case-sensitive property deletion (`delete headers.Authorization`, `delete headers.Cookie`) on a headers object that `FetchRequestAdapter.getRequestFromRequestInformation` has already lower-cased. The delete therefore targets keys that do not exist, the scrub is a no-op, and any Bearer token or Cookie attached by a kiota-generated SDK is forwarded to an attacker-controlled host across a 30x redirect. This is reachable in the default middleware chain (`MiddlewareFactory.getDefaultMiddlewares`) with no custom configuration, and applies to every kiota-generated TypeScript SDK that uses `BaseBearerTokenAuthenticationProvider` or any other authentication provider that sets the `Authorization` request header. Version 1.0.0-preview.102 patches the issue.
CVE-2026-56132 1 Libexpat Project 1 Libexpat 2026-06-22 6.9 Medium
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
CVE-2026-12032 1 Google 2 Android, Chrome 2026-06-22 3.1 Low
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-49293 1 Sunnyadn 1 Js-toml 2026-06-22 7.5 High
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input digit. Each iteration performs a `BigInt * BigInt` operation on an accumulator that grows linearly with the number of digits already consumed, so the whole loop is O(n²) in the literal length. The lexer regex places no upper bound on the literal length, so a single TOML document containing one ~500 kB hex literal pins one CPU core for ~40 seconds on a modern laptop (Apple M-series, Node v22). Memory amplification is bounded but CPU amplification is severe and grows quadratically: doubling the literal length quadruples the work. A caller that invokes `load()` on attacker-controlled TOML (configuration upload endpoints, CI/CD systems ingesting third-party `*.toml`, IDE plugins, build tools) is exposed to a single-request CPU exhaustion DoS. Version 1.1.1 fixes the issue.