Search CVE reports


Toggle filters

41 – 50 of 39246 results

Status is adjusted based on your filters.


CVE-2026-56377

Medium priority
Needs evaluation

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion...

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-56369

Medium priority
Needs evaluation

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext...

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-56365

Medium priority
Needs evaluation

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-56364

Medium priority
Needs evaluation

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the...

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-56363

Medium priority
Needs evaluation

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow,...

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-56361

Medium priority
Needs evaluation

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single...

1 affected package

imagemagick

Package 24.04 LTS
imagemagick Needs evaluation
Show less packages

CVE-2026-55223

Medium priority
Needs evaluation

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection()...

1 affected package

c3p0

Package 24.04 LTS
c3p0 Needs evaluation
Show less packages

CVE-2026-54696

Medium priority
Needs evaluation

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io)...

8 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...

Package 24.04 LTS
ruby2.3 Not in release
ruby2.5 Not in release
ruby2.7 Not in release
ruby3.0 Not in release
ruby3.2 Needs evaluation
ruby3.3 Not in release
jruby Needs evaluation
ruby-json Needs evaluation
Show all 8 packages Show less packages

CVE-2026-14156

Medium priority
Not affected

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page....

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14155

Medium priority
Not affected

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages