Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2026-3909 HIGH POC KEV PATCH THREAT Act Now

Google Chrome's Skia graphics library contains an out-of-bounds write (CVE-2026-3909, CVSS 8.8) enabling remote attackers to perform memory corruption through crafted HTML pages. KEV-listed with public PoC and patches available, this vulnerability in the core graphics rendering engine affects all Chromium-based browsers.

Buffer Overflow Memory Corruption Google Chrome Red Hat +1
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-30853 MEDIUM PATCH This Month

Arbitrary file write vulnerability in Calibre's RocketBook input plugin enables attackers to write files to any location accessible by the Calibre process when a user opens or converts a malicious .rb file. The path traversal flaw affects versions prior to 9.5.0 and represents an unpatched instance of the same vulnerability class previously fixed in the PDB reader component. Local attackers can leverage this to corrupt files, modify configuration, or potentially achieve code execution depending on file system permissions.

Path Traversal Calibre Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-31899 PyPI HIGH PATCH GHSA This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31885 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain an out-of-bounds read vulnerability in MS-ADPCM and IMA-ADPCM audio decoders that allows unauthenticated remote attackers to read sensitive information from process memory. The vulnerability affects all FreeRDP installations using these audio codecs; an attacker can trigger the flaw by providing specially crafted audio data during RDP session establishment, potentially disclosing confidential data such as credentials or session tokens without requiring privileges or interaction beyond basic RDP connection initiation.

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31884 MEDIUM PATCH This Month

A denial of service vulnerability in FreeRDP (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31883 MEDIUM PATCH This Month

Size_t integer underflow vulnerability in FreeRDP's IMA-ADPCM and MS-ADPCM audio decoders that triggers a heap buffer overflow write via the RDPSND audio channel. All FreeRDP versions prior to 3.24.0 are affected. An unauthenticated remote attacker can exploit this vulnerability over the network without user interaction to cause information disclosure and data corruption, though not denial of service based on the CVSS impact ratings.

Buffer Overflow Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29775 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain a client-side heap out-of-bounds read/write vulnerability in the bitmap cache subsystem caused by an off-by-one boundary check error. A malicious RDP server can exploit this by sending a specially crafted CACHE_BITMAP_ORDER (Rev1) packet with cacheId equal to maxCells, allowing access to memory one element past the allocated array boundary. This vulnerability affects FreeRDP clients connecting to untrusted or compromised servers and could lead to information disclosure or denial of service, though the CVSS score of 5.3 and lack of confidentiality impact suggest limited real-world severity.

Memory Corruption Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29774 MEDIUM PATCH This Month

A client-side heap buffer overflow vulnerability exists in FreeRDP's AVC420/AVC444 YUV-to-RGB color space conversion code due to missing horizontal bounds validation of H.264 metablock region coordinates. FreeRDP versions prior to 3.24.0 are affected, allowing a malicious RDP server to trigger out-of-bounds memory writes via specially crafted WIRE_TO_SURFACE_PDU_1 packets with oversized regionRects left coordinates, resulting in denial of service through heap corruption. The vulnerability requires no user interaction or authentication and has a CVSS score of 5.3 with EPSS risk classification indicating moderate exploitation likelihood; no public exploit code is known to exist at this time.

Buffer Overflow Memory Corruption Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2581 npm MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1527 npm MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2023-1289 NuGet MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian Docker Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-32259 MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-32249 MEDIUM PATCH This Month

command line text editor. From 9.1.0011 to versions up to 9.2.0137 is affected by null pointer dereference (CVSS 5.3).

Null Pointer Dereference Denial Of Service Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32240 MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32239 MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 is affected by integer overflow or wraparound.

Information Disclosure Integer Overflow Capnproto Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1525 npm MEDIUM PATCH This Month

Undici fails to normalize HTTP header names when processing arrays, allowing duplicate Content-Length headers with case-variant names (e.g., "Content-Length" and "content-length") to be sent in malformed requests. Applications using undici's low-level APIs with user-controlled header inputs are vulnerable to request rejection by strict HTTP parsers or potential HTTP request smuggling attacks if intermediaries and backend servers interpret conflicting header values inconsistently. No patch is currently available.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32235 npm MEDIUM PATCH This Month

Medium severity vulnerability in See description. #

Open Redirect Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-3099 MEDIUM PATCH This Month

Libsoup's digest authentication mechanism fails to validate nonce reuse and enforce proper nonce-count incrementation, enabling attackers to replay captured authentication headers to bypass access controls. A remote attacker can exploit this to impersonate legitimate users and access protected resources without valid credentials. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-3234 MEDIUM This Month

mod_proxy_cluster's decodeenc() function is vulnerable to CRLF injection, enabling unauthenticated attackers with network access to the MCMP protocol port to manipulate cluster configuration and corrupt INFO endpoint responses. This input validation bypass affects systems relying on mod_proxy_cluster for load balancing and cluster management. No patch is currently available for this medium-severity vulnerability.

Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-2808 Go MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-31988 npm MEDIUM PATCH This Month

Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.

Node.js Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-3942 MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3941 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 4.3).

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3940 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3939 MEDIUM PATCH This Month

Insufficient policy enforcement in PDF in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3938 MEDIUM PATCH This Month

Insufficient policy enforcement in Clipboard in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3935 MEDIUM PATCH This Month

Incorrect security UI in WebAppInstalls in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3934 MEDIUM PATCH This Month

Insufficient policy enforcement in ChromeDriver in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3931 HIGH PATCH This Week

Heap buffer overflow in Skia in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Buffer Overflow Heap Overflow Chrome Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3930 MEDIUM PATCH This Month

Unsafe navigation in Navigation in Google Chrome on iOS versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Apple Chrome iOS +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3928 MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3927 MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3926 HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Information Disclosure Buffer Overflow Chrome Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3924 HIGH PATCH This Week

use after free in WindowDialog in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 7.5).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3923 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3922 HIGH PATCH This Week

Use after free in MediaStream in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3921 HIGH PATCH This Week

Use after free in TextEncoding in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3920 HIGH PATCH This Week

Out of bounds memory access in WebML in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Google Information Disclosure Buffer Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3919 HIGH PATCH This Week

Use after free in Extensions in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3918 HIGH PATCH This Week

Use after free in WebMCP in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3917 HIGH PATCH This Week

Use after free in Agents in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service Memory Corruption Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3916 CRITICAL PATCH Act Now

Sandbox escape via Web Speech in Chrome before 146.0.7680.71. Patch available.

Google Information Disclosure Buffer Overflow Chrome Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-3915 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3914 HIGH PATCH This Week

Integer overflow in WebML in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 8.8).

Google Buffer Overflow AI / ML Chrome Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3913 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow AI / ML Chrome +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31958 PyPI HIGH PATCH GHSA This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-31870 HIGH PATCH This Week

cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.

Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30226 npm HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3429 Maven MEDIUM PATCH This Month

Keycloak's Account REST API improperly validates session assurance levels, enabling authenticated attackers with a victim's password to remove MFA/OTP credentials without re-authentication and subsequently register their own authenticator. This allows complete account takeover by bypassing the intended multi-factor authentication protections. The vulnerability affects users relying on MFA as a security control and currently has no available patch.

Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-31853 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by heap-based buffer overflow (CVSS 5.7).

Buffer Overflow Heap Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-3805 HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3783 MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1965 MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-31838 MEDIUM POC This Month

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are vulnerable to authorization policy bypass through improper Envoy RBAC handling of multi-valued HTTP headers. An attacker can craft requests with multiple header values that cause the authorization engine to evaluate headers differently than intended, allowing unauthorized access to protected microservices. No patch is currently available for this vulnerability.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-31826 PyPI MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31808 npm MEDIUM PATCH This Month

Denial of service in file-type library versions prior to 21.3.1 allows remote attackers to hang Node.js event loops by submitting malformed ASF (WMV/WMA) files that trigger infinite loops during file type detection. Applications using file-type to analyze untrusted input are vulnerable, with a minimal 55-byte payload sufficient to stall processing. No patch is currently available for affected Node.js and File Type products.

Node.js Denial Of Service File Type Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30942 MEDIUM This Month

Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.

Path Traversal Flare Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-2742 Maven MEDIUM PATCH This Month

Authentication bypass in Vaadin framework (14.0.0-14.14.0, 23.0.0-23.6.x, and other ranges). The web application framework fails to properly enforce authentication on certain routes.

Authentication Bypass Java Red Hat
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-26131 NuGet HIGH PATCH This Week

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Privilege Escalation Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26127 NuGet HIGH POC PATCH This Week

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23907 Maven MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31802 npm MEDIUM PATCH This Month

node-tar is a full-featured Tar for Node.js.

Node.js Path Traversal Tar Red Hat
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-30937 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

Buffer Overflow Microsoft Heap Overflow Imagemagick Windows +2
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-30936 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-30935 NuGet MEDIUM PATCH This Month

BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-30931 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

Buffer Overflow Heap Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-30929 NuGet HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30883 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-28692 NuGet MEDIUM PATCH This Month

Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.

Buffer Overflow Information Disclosure Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-28690 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-28689 NuGet MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28688 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.

Use After Free Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28687 NuGet MEDIUM PATCH This Month

Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.

Use After Free Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28686 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-28494 NuGet HIGH PATCH This Week

High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

Linux Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28493 NuGet MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.

Integer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-14027 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69648 MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

RCE Denial Of Service Buffer Overflow Binutils Red Hat +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-69647 MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]

Denial Of Service Binutils Red Hat Suse
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-3731 MEDIUM PATCH This Month

Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.

Buffer Overflow Libssh Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-29076 MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-30827 npm HIGH POC PATCH This Week

express-rate-limit versions 8.0.0 through 8.3.0 (excluding patched versions) collapse all IPv4 client traffic into a single rate-limit bucket due to incorrect IPv6 subnet masking of IPv4-mapped addresses, allowing any client to trigger denial of service for all other IPv4 users by exhausting the shared limit. Public exploit code exists for this vulnerability, affecting Node.js applications using the vulnerable middleware versions. Organizations should upgrade to versions 8.0.2, 8.1.1, 8.2.2, or 8.3.0 immediately.

Node.js Express Rate Limit Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30231 MEDIUM This Month

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched...

Authentication Bypass Red Hat
NVD GitHub
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-30230 HIGH This Week

self-hostable file sharing platform that integrates with screenshot tools. versions up to 1.7.2 is affected by authorization bypass through user-controlled key.

Authentication Bypass Red Hat
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-69652 MEDIUM POC PATCH This Month

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. [CVSS 6.2 MEDIUM]

Memory Corruption Denial Of Service Binutils Red Hat Suse
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-69650 HIGH POC PATCH This Week

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. [CVSS 7.5 HIGH]

Memory Corruption Denial Of Service Binutils Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69649 HIGH POC PATCH This Week

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. [CVSS 7.5 HIGH]

Null Pointer Dereference Memory Corruption Binutils Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3419 npm MEDIUM PATCH This Month

Fastify improperly validates Content-Type headers by accepting RFC 9110-violating malformed values with trailing characters, allowing attackers to bypass content-type restrictions and route requests to unintended parsers. When regex-based content-type parsing is enabled, requests with invalid Content-Type headers such as "application/json garbage" are processed normally instead of being rejected, potentially enabling request misrouting and manipulation of parser behavior. No patch is currently available for this medium-severity vulnerability affecting Fastify applications.

Authentication Bypass Fastify Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29089 HIGH This Week

Arbitrary code execution in TimescaleDB 2.23.0 through 2.25.1 allows local authenticated users to execute malicious functions by shadowing built-in PostgreSQL functions through user-writable schemas in the search_path setting during extension upgrades. An attacker with database access can create malicious functions in writable schemas that are invoked instead of legitimate PostgreSQL functions, resulting in code execution with database privileges. No patch is currently available for affected installations.

PostgreSQL RCE Timescaledb Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-69651 MEDIUM POC PATCH This Month

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. [CVSS 5.5 MEDIUM]

Memory Corruption Denial Of Service Binutils Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Google Chrome's Skia graphics library contains an out-of-bounds write (CVE-2026-3909, CVSS 8.8) enabling remote attackers to perform memory corruption through crafted HTML pages. KEV-listed with public PoC and patches available, this vulnerability in the core graphics rendering engine affects all Chromium-based browsers.

Buffer Overflow Memory Corruption Google +3
NVD VulDB GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Arbitrary file write vulnerability in Calibre's RocketBook input plugin enables attackers to write files to any location accessible by the Calibre process when a user opens or converts a malicious .rb file. The path traversal flaw affects versions prior to 9.5.0 and represents an unpatched instance of the same vulnerability class previously fixed in the PDB reader component. Local attackers can leverage this to corrupt files, modify configuration, or potentially achieve code execution depending on file system permissions.

Path Traversal Calibre Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain an out-of-bounds read vulnerability in MS-ADPCM and IMA-ADPCM audio decoders that allows unauthenticated remote attackers to read sensitive information from process memory. The vulnerability affects all FreeRDP installations using these audio codecs; an attacker can trigger the flaw by providing specially crafted audio data during RDP session establishment, potentially disclosing confidential data such as credentials or session tokens without requiring privileges or interaction beyond basic RDP connection initiation.

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability in FreeRDP (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Size_t integer underflow vulnerability in FreeRDP's IMA-ADPCM and MS-ADPCM audio decoders that triggers a heap buffer overflow write via the RDPSND audio channel. All FreeRDP versions prior to 3.24.0 are affected. An unauthenticated remote attacker can exploit this vulnerability over the network without user interaction to cause information disclosure and data corruption, though not denial of service based on the CVSS impact ratings.

Buffer Overflow Integer Overflow Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.0 contain a client-side heap out-of-bounds read/write vulnerability in the bitmap cache subsystem caused by an off-by-one boundary check error. A malicious RDP server can exploit this by sending a specially crafted CACHE_BITMAP_ORDER (Rev1) packet with cacheId equal to maxCells, allowing access to memory one element past the allocated array boundary. This vulnerability affects FreeRDP clients connecting to untrusted or compromised servers and could lead to information disclosure or denial of service, though the CVSS score of 5.3 and lack of confidentiality impact suggest limited real-world severity.

Memory Corruption Buffer Overflow Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A client-side heap buffer overflow vulnerability exists in FreeRDP's AVC420/AVC444 YUV-to-RGB color space conversion code due to missing horizontal bounds validation of H.264 metablock region coordinates. FreeRDP versions prior to 3.24.0 are affected, allowing a malicious RDP server to trigger out-of-bounds memory writes via specially crafted WIRE_TO_SURFACE_PDU_1 packets with oversized regionRects left coordinates, resulting in denial of service through heap corruption. The vulnerability requires no user interaction or authentication and has a CVSS score of 5.3 with EPSS risk classification indicating moderate exploitation likelihood; no public exploit code is known to exist at this time.

Buffer Overflow Memory Corruption Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici +2
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. This requires prior authentication and user interaction, with no patch currently available.

Code Injection Redis Elastic +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian +3
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by stack-based buffer overflow (CVSS 6.7).

Stack Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

command line text editor. From 9.1.0011 to versions up to 9.2.0137 is affected by null pointer dereference (CVSS 5.3).

Null Pointer Dereference Denial Of Service Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that allows attackers to HTTP request/response smuggling.

Information Disclosure Capnproto Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 is affected by integer overflow or wraparound.

Information Disclosure Integer Overflow Capnproto +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Undici fails to normalize HTTP header names when processing arrays, allowing duplicate Content-Length headers with case-variant names (e.g., "Content-Length" and "content-length") to be sent in malformed requests. Applications using undici's low-level APIs with user-controlled header inputs are vulnerable to request rejection by strict HTTP parsers or potential HTTP request smuggling attacks if intermediaries and backend servers interpret conflicting header values inconsistently. No patch is currently available.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Medium severity vulnerability in See description. #

Open Redirect Red Hat
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Libsoup's digest authentication mechanism fails to validate nonce reuse and enforce proper nonce-count incrementation, enabling attackers to replay captured authentication headers to bypass access controls. A remote attacker can exploit this to impersonate legitimate users and access protected resources without valid credentials. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

mod_proxy_cluster's decodeenc() function is vulnerable to CRLF injection, enabling unauthenticated attackers with network access to the MCMP protocol port to manipulate cluster configuration and corrupt INFO endpoint responses. This input validation bypass affects systems relying on mod_proxy_cluster for load balancing and cluster management. No patch is currently available for this medium-severity vulnerability.

Authentication Bypass Red Hat
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in HashiCorp Consul. HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

Kubernetes Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.

Node.js Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 4.3).

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient policy enforcement in PDF in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Clipboard in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Incorrect security UI in WebAppInstalls in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in ChromeDriver in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Chrome +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Skia in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Buffer Overflow Heap Overflow Chrome +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unsafe navigation in Navigation in Google Chrome on iOS versions up to 146.0.7680.71 contains a security vulnerability.

Google Authentication Bypass Apple +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect security UI in PictureInPicture in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability.

Google Information Disclosure Chrome +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds read in V8 in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Information Disclosure Buffer Overflow Chrome +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

use after free in WindowDialog in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 7.5).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in MediaStream in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in TextEncoding in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds memory access in WebML in Google Chrome versions up to 146.0.7680.71 is affected by out-of-bounds read (CVSS 8.8).

Google Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebMCP in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Agents in Google Chrome versions up to 146.0.7680.71 is affected by use after free (CVSS 8.8).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape via Web Speech in Chrome before 146.0.7680.71. Patch available.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in WebML in Google Chrome versions up to 146.0.7680.71 contains a security vulnerability (CVSS 8.8).

Google Buffer Overflow AI / ML +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome versions up to 146.0.7680.71 is affected by heap-based buffer overflow (CVSS 8.8).

Google Buffer Overflow Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.

Denial Of Service Cpp Httplib Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue +2
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Keycloak's Account REST API improperly validates session assurance levels, enabling authenticated attackers with a victim's password to remove MFA/OTP credentials without re-authentication and subsequently register their own authenticator. This allows complete account takeover by bypassing the intended multi-factor authentication protections. The vulnerability affects users relying on MFA as a security control and currently has no available patch.

Authentication Bypass Red Hat
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by heap-based buffer overflow (CVSS 5.7).

Buffer Overflow Heap Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Istio versions prior to 1.29.1, 1.28.5, and 1.27.8 are vulnerable to authorization policy bypass through improper Envoy RBAC handling of multi-valued HTTP headers. An attacker can craft requests with multiple header values that cause the authorization engine to evaluate headers differently than intended, allowing unauthorized access to protected microservices. No patch is currently available for this vulnerability.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in file-type library versions prior to 21.3.1 allows remote attackers to hang Node.js event loops by submitting malformed ASF (WMV/WMA) files that trigger infinite loops during file type detection. Applications using file-type to analyze untrusted input are vulnerable, with a minimal 55-byte payload sufficient to stall processing. No patch is currently available for affected Node.js and File Type products.

Node.js Denial Of Service File Type +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.

Path Traversal Flare Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Authentication bypass in Vaadin framework (14.0.0-14.14.0, 23.0.0-23.6.x, and other ranges). The web application framework fails to properly enforce authentication on certain routes.

Authentication Bypass Java Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Privilege Escalation Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Red Hat +1
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

node-tar is a full-featured Tar for Node.js.

Node.js Path Traversal Tar +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

Buffer Overflow Microsoft Heap Overflow +4
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ```

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

Buffer Overflow Heap Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Buffer Overflow Stack Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. versions up to 7.1.2-16 is affected by buffer overflow (CVSS 5.7).

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Heap over-read in ImageMagick's MAT decoder prior to versions 7.1.2-16 and 6.9.13-41 results from incorrect arithmetic parenthesization, allowing remote attackers to leak sensitive memory contents and cause denial of service through crafted MAT image files. The vulnerability requires no authentication or user interaction and affects systems using vulnerable ImageMagick versions for image processing. No patch is currently available, leaving users dependent on upgrading to patched versions when released.

Buffer Overflow Information Disclosure Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 contain a heap-use-after-free vulnerability in the MSL encoder that can be triggered by local attackers to cause denial of service through double-free conditions on cloned images. The vulnerability requires local access with no special privileges or user interaction, resulting in application crashes or potential memory corruption. No patch is currently available for affected versions.

Use After Free Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap use-after-free in ImageMagick's MSL decoder (versions before 7.1.2-16 and 6.9.13-41) allows remote attackers to trigger memory access violations via specially crafted MSL files, resulting in denial of service. The vulnerability requires no authentication or user interaction and affects systems processing untrusted image files. No patch is currently available for this MEDIUM severity issue.

Use After Free Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

High severity vulnerability in ImageMagick. A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.

Linux Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.

Integer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

RCE Denial Of Service Buffer Overflow +3
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]

Denial Of Service Binutils Red Hat +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in libssh versions up to 0.11.3 allows remote attackers to cause denial of service by manipulating the idx argument in the SFTP extension name handler functions. The vulnerability resides in the sftp_extensions_get_name and sftp_extensions_get_data functions, enabling unauthenticated attackers to trigger memory access violations without user interaction. Upgrading to libssh 0.11.4 or 0.12.0 resolves this issue.

Buffer Overflow Libssh Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

express-rate-limit versions 8.0.0 through 8.3.0 (excluding patched versions) collapse all IPv4 client traffic into a single rate-limit bucket due to incorrect IPv6 subnet masking of IPv4-mapped addresses, allowing any client to trigger denial of service for all other IPv4 users by exhausting the shared limit. Public exploit code exists for this vulnerability, affecting Node.js applications using the vulnerable middleware versions. Organizations should upgrade to versions 8.0.2, 8.1.1, 8.2.2, or 8.3.0 immediately.

Node.js Express Rate Limit Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched...

Authentication Bypass Red Hat
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

self-hostable file sharing platform that integrates with screenshot tools. versions up to 1.7.2 is affected by authorization bypass through user-controlled key.

Authentication Bypass Red Hat
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC PATCH This Month

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. [CVSS 6.2 MEDIUM]

Memory Corruption Denial Of Service Binutils +2
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. [CVSS 7.5 HIGH]

Memory Corruption Denial Of Service Binutils +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. [CVSS 7.5 HIGH]

Null Pointer Dereference Memory Corruption Binutils +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Fastify improperly validates Content-Type headers by accepting RFC 9110-violating malformed values with trailing characters, allowing attackers to bypass content-type restrictions and route requests to unintended parsers. When regex-based content-type parsing is enabled, requests with invalid Content-Type headers such as "application/json garbage" are processed normally instead of being rejected, potentially enabling request misrouting and manipulation of parser behavior. No patch is currently available for this medium-severity vulnerability affecting Fastify applications.

Authentication Bypass Fastify Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary code execution in TimescaleDB 2.23.0 through 2.25.1 allows local authenticated users to execute malicious functions by shadowing built-in PostgreSQL functions through user-writable schemas in the search_path setting during extension upgrades. An attacker with database access can create malicious functions in writable schemas that are invoked instead of legitimate PostgreSQL functions, resulting in code execution with database privileges. No patch is currently available for affected installations.

PostgreSQL RCE Timescaledb +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. [CVSS 5.5 MEDIUM]

Memory Corruption Denial Of Service Binutils +2
NVD VulDB
Prev Page 30 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy