CVE-2026-14355
- EPSS 0.31%
- Veröffentlicht 03.07.2026 20:57:31
- Zuletzt bearbeitet 08.07.2026 20:11:16
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding o...
CVE-2026-56968
- EPSS 0.24%
- Veröffentlicht 23.06.2026 16:18:29
- Zuletzt bearbeitet 29.06.2026 23:00:33
GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server.
CVE-2026-49975
- EPSS 11.47%
- Veröffentlicht 08.06.2026 15:26:04
- Zuletzt bearbeitet 09.07.2026 13:17:24
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
CVE-2026-46333
- EPSS 1.38%
- Veröffentlicht 15.05.2026 12:58:44
- Zuletzt bearbeitet 01.07.2026 13:17:36
In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or n...
- EPSS 96.27%
- Veröffentlicht 22.04.2026 08:15:10
- Zuletzt bearbeitet 01.07.2026 17:30:58
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-pl...
CVE-2026-41082
- EPSS 0.21%
- Veröffentlicht 16.04.2026 17:32:40
- Zuletzt bearbeitet 08.07.2026 03:29:28
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
CVE-2026-34757
- EPSS 0.2%
- Veröffentlicht 09.04.2026 14:41:18
- Zuletzt bearbeitet 13.05.2026 23:07:51
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back ...
CVE-2026-4775
- EPSS 0.55%
- Veröffentlicht 24.03.2026 14:42:47
- Zuletzt bearbeitet 30.06.2026 03:20:41
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write du...
CVE-2026-1940
- EPSS 0.23%
- Veröffentlicht 23.03.2026 21:26:14
- Zuletzt bearbeitet 04.05.2026 15:30:08
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calcula...
CVE-2025-63261
- EPSS 1.05%
- Veröffentlicht 20.03.2026 00:00:00
- Zuletzt bearbeitet 07.04.2026 16:08:00
AWStats 8.0 is vulnerable to Command Injection via the open function