Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3338 vulnerabilities
CVE-2026-6069 (GCVE-0-2026-6069)
Vulnerability from cvelistv5 – Published: 2026-04-10 13:30 – Updated: 2026-04-10 14:53
VLAI?
Title
CVE-2026-6069
Summary
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
Severity ?
7.5 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-6069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:53:15.700852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:53:37.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NASM",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "nasm-3.02rc5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NASM\u2019s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:30:48.302Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/netwide-assembler/nasm/issues/217"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-6069",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6069"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-6069",
"datePublished": "2026-04-10T13:30:48.302Z",
"dateReserved": "2026-04-10T13:29:59.611Z",
"dateUpdated": "2026-04-10T14:53:37.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6068 (GCVE-0-2026-6068)
Vulnerability from cvelistv5 – Published: 2026-04-10 13:30 – Updated: 2026-04-10 14:56
VLAI?
Title
CVE-2026-6068
Summary
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-6068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:56:02.839621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:56:52.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NASM",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "nasm-3.02rc5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416: Use After Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:30:38.420Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/netwide-assembler/nasm/issues/222"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-6068",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6068"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-6068",
"datePublished": "2026-04-10T13:30:38.420Z",
"dateReserved": "2026-04-10T13:29:25.329Z",
"dateUpdated": "2026-04-10T14:56:52.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6067 (GCVE-0-2026-6067)
Vulnerability from cvelistv5 – Published: 2026-04-10 13:30 – Updated: 2026-04-10 14:58
VLAI?
Title
CVE-2026-6067
Summary
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-6067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:57:25.595690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:58:07.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NASM",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "nasm-3.02rc5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:30:26.140Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/netwide-assembler/nasm/issues/203"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-6067",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6067"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-6067",
"datePublished": "2026-04-10T13:30:26.140Z",
"dateReserved": "2026-04-10T13:26:16.675Z",
"dateUpdated": "2026-04-10T14:58:07.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5439 (GCVE-0-2026-5439)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:44 – Updated: 2026-04-09 14:44
VLAI?
Title
Memory Exhaustion via Forged ZIP Metadata
Summary
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An attacker can craft a small ZIP archive containing a forged size value, causing the server to allocate extremely large buffers during extraction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:44:37.078Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Exhaustion via Forged ZIP Metadata",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5439"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5439",
"datePublished": "2026-04-09T14:44:37.078Z",
"dateReserved": "2026-04-02T19:22:13.583Z",
"dateUpdated": "2026-04-09T14:44:37.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5437 (GCVE-0-2026-5437)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:44 – Updated: 2026-04-09 14:44
VLAI?
Title
Out-of-Bounds Read in DicomStreamReader
Summary
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:44:17.972Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in DicomStreamReader",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5437"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5437",
"datePublished": "2026-04-09T14:44:17.972Z",
"dateReserved": "2026-04-02T19:21:45.325Z",
"dateUpdated": "2026-04-09T14:44:17.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5438 (GCVE-0-2026-5438)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:44 – Updated: 2026-04-09 14:44
VLAI?
Title
Gzip Decompression Bomb via Content-Encoding Header
Summary
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive memory allocation and exhaust system memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:44:05.375Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Gzip Decompression Bomb via Content-Encoding Header",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5438"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5438",
"datePublished": "2026-04-09T14:44:05.375Z",
"dateReserved": "2026-04-02T19:21:58.543Z",
"dateUpdated": "2026-04-09T14:44:05.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5440 (GCVE-0-2026-5440)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:43 – Updated: 2026-04-09 14:43
VLAI?
Title
Memory Exhaustion via Unbounded Content-Length
Summary
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:43:55.684Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Exhaustion via Unbounded Content-Length",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5440"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5440",
"datePublished": "2026-04-09T14:43:55.684Z",
"dateReserved": "2026-04-02T19:22:26.410Z",
"dateUpdated": "2026-04-09T14:43:55.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5442 (GCVE-0-2026-5442)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:43 – Updated: 2026-04-09 14:43
VLAI?
Title
Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions
Summary
A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:43:43.571Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5442"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5442",
"datePublished": "2026-04-09T14:43:43.571Z",
"dateReserved": "2026-04-02T19:22:48.196Z",
"dateUpdated": "2026-04-09T14:43:43.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5443 (GCVE-0-2026-5443)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:43 – Updated: 2026-04-09 14:43
VLAI?
Title
Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)
Summary
A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:43:15.227Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5443"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5443",
"datePublished": "2026-04-09T14:43:15.227Z",
"dateReserved": "2026-04-02T19:23:06.757Z",
"dateUpdated": "2026-04-09T14:43:15.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5445 (GCVE-0-2026-5445)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:42 – Updated: 2026-04-09 14:42
VLAI?
Title
Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)
Summary
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:42:51.673Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5445"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5445",
"datePublished": "2026-04-09T14:42:51.673Z",
"dateReserved": "2026-04-02T19:23:30.637Z",
"dateUpdated": "2026-04-09T14:42:51.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5444 (GCVE-0-2026-5444)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:42 – Updated: 2026-04-09 14:42
VLAI?
Title
Heap Buffer Overflow in PAM Image Buffer Allocation
Summary
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, resulting in the allocation of a small buffer followed by a much larger write operation during pixel processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:42:30.696Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in PAM Image Buffer Allocation",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5444"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5444",
"datePublished": "2026-04-09T14:42:30.696Z",
"dateReserved": "2026-04-02T19:23:20.072Z",
"dateUpdated": "2026-04-09T14:42:30.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5441 (GCVE-0-2026-5441)
Vulnerability from cvelistv5 – Published: 2026-04-09 14:42 – Updated: 2026-04-09 14:42
VLAI?
Title
Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression)
Summary
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Orthanc | DICOM Server |
Affected:
0 , ≤ 1.12.10
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"product": "DICOM Server",
"vendor": "Orthanc",
"versions": [
{
"lessThanOrEqual": "1.12.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T14:42:04.597Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.orthanc-server.com/"
},
{
"url": "https://www.machinespirits.de/"
},
{
"url": "https://kb.cert.org/vuls/id/536588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression)",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5441"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5441",
"datePublished": "2026-04-09T14:42:04.597Z",
"dateReserved": "2026-04-02T19:22:35.863Z",
"dateUpdated": "2026-04-09T14:42:04.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4931 (GCVE-0-2026-4931)
Vulnerability from cvelistv5 – Published: 2026-04-07 15:22 – Updated: 2026-04-08 14:45
VLAI?
Title
CVE-2026-4931
Summary
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost.
Severity ?
6.8 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Marginal | Marginal Smart Contract |
Affected:
1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:44:25.365284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681 Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:45:03.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Marginal Smart Contract",
"vendor": "Marginal",
"versions": [
{
"status": "affected",
"version": "1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-681 Incorrect Conversion between Numeric Types",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:22:36.700Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://cvefeed.io/cwe/detail/cwe-681-incorrect-conversion-between-numeric-types"
},
{
"url": "https://scs.owasp.org/SCWE/SCSVS-CODE/SCWE-041/"
},
{
"url": "https://marginal.gitbook.io/docs"
},
{
"url": "https://github.com/MarginalProtocol"
},
{
"url": "https://medium.com/@clarkcorrin/cve-2026-4931-how-spearbits-cantina-denied-a-critical-vulnerability-using-verifiably-false-0a27b92ac2db"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-4931",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4931"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-4931",
"datePublished": "2026-04-07T15:22:36.700Z",
"dateReserved": "2026-03-26T19:31:49.120Z",
"dateUpdated": "2026-04-08T14:45:03.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35467 (GCVE-0-2026-35467)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:27 – Updated: 2026-04-03 13:51
VLAI?
Title
Private Key stored as extractable in browser IndexeDB
Summary
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
Severity ?
7.5 (High)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERT/CC | cveClient/encrypt-storage.js |
Affected:
0 , < 1.1.15
(server)
|
Credits
Jerry Gamblin (https://github.com/jgamblin)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-35467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:50:34.898716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:51:22.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cveClient/encrypt-storage.js",
"vendor": "CERT/CC",
"versions": [
{
"lessThan": "1.1.15",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerry Gamblin (https://github.com/jgamblin)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:27:27.792Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Github PR to fix the issue",
"url": "https://github.com/CERTCC/cveClient/pull/39"
},
{
"name": "Github Repository of the project.",
"url": "https://github.com/CERTCC/cveClient/"
}
],
"title": "Private Key stored as extractable in browser IndexeDB",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-35467",
"datePublished": "2026-04-02T20:27:27.792Z",
"dateReserved": "2026-04-02T20:09:50.057Z",
"dateUpdated": "2026-04-03T13:51:22.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35466 (GCVE-0-2026-35466)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:20 – Updated: 2026-04-03 13:55
VLAI?
Title
Stored XSS via unsanitized input from remote service
Summary
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CERT/CC | cveClient/cveInterface.js |
Affected:
0 , < 1.0.24
(semver)
|
Credits
Jerry Gamblin (https://github.com/jgamblin)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-35466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:54:50.933767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:55:40.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cveClient/cveInterface.js",
"vendor": "CERT/CC",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerry Gamblin (https://github.com/jgamblin)"
}
],
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:30:00.719Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "Patch PR",
"url": "https://github.com/CERTCC/cveClient/pull/37"
},
{
"name": "GitHub Repository",
"url": "https://github.com/CERTCC/cveClient"
}
],
"title": "Stored XSS via unsanitized input from remote service",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-35466",
"datePublished": "2026-04-02T20:20:35.304Z",
"dateReserved": "2026-04-02T20:09:50.057Z",
"dateUpdated": "2026-04-03T13:55:40.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2265 (GCVE-0-2026-2265)
Vulnerability from cvelistv5 – Published: 2026-04-01 16:11 – Updated: 2026-04-01 19:27
VLAI?
Title
Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization
Summary
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Replicator | Replicator |
Affected:
1.0.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:27:21.463751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:27:36.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Replicator",
"vendor": "Replicator",
"versions": [
{
"status": "affected",
"version": "1.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:11:25.107Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/inikulin/replicator"
},
{
"url": "https://github.com/inikulin/replicator/pull/19"
},
{
"url": "https://morielharush.github.io/2026/03/31/cve-2026-2265-replicator-deserialization-of-untrusted-data/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2265"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-2265",
"datePublished": "2026-04-01T16:11:25.107Z",
"dateReserved": "2026-02-09T19:27:28.332Z",
"dateUpdated": "2026-04-01T19:27:36.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3308 (GCVE-0-2026-3308)
Vulnerability from cvelistv5 – Published: 2026-03-31 13:13 – Updated: 2026-04-02 18:16
VLAI?
Title
CVE-2026-3308
Summary
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
Severity ?
7.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Artifex Software Inc. *PyMuPDF* | MuPDF |
Affected:
0 , ≤ 1.27.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:47:30.846054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:48:14.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-02T18:16:49.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/951662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MuPDF",
"vendor": "Artifex Software Inc. *PyMuPDF*",
"versions": [
{
"lessThanOrEqual": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in \u0027pdf-image.c\u0027 in Artifex\u0027s MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the \u0027pdf_load_image_imp\u0027 function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:13:12.088Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"
},
{
"url": "https://github.com/ArtifexSoftware/mupdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3308",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3308"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3308",
"datePublished": "2026-03-31T13:13:12.088Z",
"dateReserved": "2026-02-26T21:04:05.303Z",
"dateUpdated": "2026-04-02T18:16:49.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4789 (GCVE-0-2026-4789)
Vulnerability from cvelistv5 – Published: 2026-03-30 20:44 – Updated: 2026-04-01 18:43
VLAI?
Title
CVE-2026-4789
Summary
Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.
Severity ?
9.8 (Critical)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-30T21:18:08.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/655822"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:43:09.447511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:43:50.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kyverno",
"vendor": "Kyverno",
"versions": [
{
"status": "affected",
"version": "1.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T20:44:00.607Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/kyverno/kyverno"
},
{
"url": "https://kb.cert.org/vuls/id/655822"
},
{
"url": "https://portswigger.net/web-security/ssrf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-4789",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4789"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-4789",
"datePublished": "2026-03-30T20:44:00.607Z",
"dateReserved": "2026-03-24T20:03:13.388Z",
"dateUpdated": "2026-04-01T18:43:50.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2285 (GCVE-0-2026-2285)
Vulnerability from cvelistv5 – Published: 2026-03-30 15:51 – Updated: 2026-04-01 18:45
VLAI?
Title
CVE-2026-2285
Summary
CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:45:17.318406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:45:39.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CrewAI",
"vendor": "CrewAI",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:51:39.962Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/221883"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-2285",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2285"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-2285",
"datePublished": "2026-03-30T15:51:39.962Z",
"dateReserved": "2026-02-10T14:41:48.845Z",
"dateUpdated": "2026-04-01T18:45:39.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2286 (GCVE-0-2026-2286)
Vulnerability from cvelistv5 – Published: 2026-03-30 15:51 – Updated: 2026-04-01 18:46
VLAI?
Title
CVE-2026-2286
Summary
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
Severity ?
9.8 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:46:13.729437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:46:31.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CrewAI",
"vendor": "CrewAI",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:51:25.512Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/221883"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-2286",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2286"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-2286",
"datePublished": "2026-03-30T15:51:25.512Z",
"dateReserved": "2026-02-10T14:42:04.145Z",
"dateUpdated": "2026-04-01T18:46:31.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2287 (GCVE-0-2026-2287)
Vulnerability from cvelistv5 – Published: 2026-03-30 15:50 – Updated: 2026-04-01 18:47
VLAI?
Title
CVE-2026-2287
Summary
CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
Severity ?
9.8 (Critical)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:47:05.261419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:47:21.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CrewAI",
"vendor": "CrewAI",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:50:54.907Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/221883"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-2287",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2287"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-2287",
"datePublished": "2026-03-30T15:50:54.907Z",
"dateReserved": "2026-02-10T14:42:11.332Z",
"dateUpdated": "2026-04-01T18:47:21.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2275 (GCVE-0-2026-2275)
Vulnerability from cvelistv5 – Published: 2026-03-30 15:50 – Updated: 2026-03-31 17:53
VLAI?
Title
CVE-2026-2275
Summary
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.
Severity ?
9.6 (Critical)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:52:35.698294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:53:04.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CrewAI",
"vendor": "CrewAI",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:50:25.922Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://docs.crewai.com/en/tools/ai-ml/codeinterpretertool"
},
{
"url": "https://www.kb.cert.org/vuls/id/221883"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-2275",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2275"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-2275",
"datePublished": "2026-03-30T15:50:25.922Z",
"dateReserved": "2026-02-10T12:06:47.960Z",
"dateUpdated": "2026-03-31T17:53:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1995 (GCVE-0-2026-1995)
Vulnerability from cvelistv5 – Published: 2026-03-24 18:00 – Updated: 2026-03-25 13:14
VLAI?
Title
IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability
Summary
IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges.
Severity ?
7.8 (High)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IDrive | IDrive Cloud Backup Client for Windows |
Affected:
0 , < 7.0.0.63
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-24T19:24:11.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/330121"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-1995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:04.847305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:14:39.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IDrive Cloud Backup Client for Windows",
"vendor": "IDrive",
"versions": [
{
"lessThan": "7.0.0.63",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IDrive\u2019s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\\ProgramData\\IDrive\\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Improper Privilege Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:00:15.664Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/330121"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-1995"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-1995",
"datePublished": "2026-03-24T18:00:15.664Z",
"dateReserved": "2026-02-05T16:44:28.604Z",
"dateUpdated": "2026-03-25T13:14:39.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4404 (GCVE-0-2026-4404)
Vulnerability from cvelistv5 – Published: 2026-03-23 14:47 – Updated: 2026-03-24 15:25
VLAI?
Title
Use of hard coded credentials in GoHarbor Harbor
Summary
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
Severity ?
9.4 (Critical)
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:24:29.261835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:25:52.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-24T15:25:10.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/577436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Harbor",
"vendor": "Harbor",
"versions": [
{
"lessThanOrEqual": "2.15.0",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T14:47:13.396Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345"
},
{
"url": "https://github.com/goharbor/harbor/issues/1937"
},
{
"url": "https://cwe.mitre.org/data/definitions/1393.html"
},
{
"url": "https://github.com/goharbor/harbor/pull/22751"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of hard coded credentials in GoHarbor Harbor",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4404"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-4404",
"datePublished": "2026-03-23T14:47:13.396Z",
"dateReserved": "2026-03-18T19:43:57.063Z",
"dateUpdated": "2026-03-24T15:25:10.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3029 (GCVE-0-2026-3029)
Vulnerability from cvelistv5 – Published: 2026-03-19 15:53 – Updated: 2026-03-24 01:35
VLAI?
Title
CVE-2026-3029
Summary
A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Artifex Software Inc. *PyMuPDF* | PyMuPDF |
Affected:
1.26.5 , < 1.26.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-19T16:21:32.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/504749"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T01:34:12.421332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T01:35:10.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PyMuPDF",
"vendor": "Artifex Software Inc. *PyMuPDF*",
"versions": [
{
"lessThan": "1.26.7",
"status": "affected",
"version": "1.26.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal and arbitrary file write vulnerability exist in the embedded get function in \u0027_main_.py\u0027 in PyMuPDF version, 1.26.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T15:53:38.778Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "http://github.com/pymupdf/PyMuPDF"
},
{
"url": "http://github.com/pymupdf/PyMuPDF/commit/603cafe38a183b8bab34f16d05043b4185d8d40a"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3029",
"x_generator": {
"engine": "VINCE 3.0.34",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3029"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3029",
"datePublished": "2026-03-19T15:53:38.778Z",
"dateReserved": "2026-02-23T14:10:15.439Z",
"dateUpdated": "2026-03-24T01:35:10.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4276 (GCVE-0-2026-4276)
Vulnerability from cvelistv5 – Published: 2026-03-16 15:31 – Updated: 2026-03-17 17:15
VLAI?
Title
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
Summary
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-16T16:22:47.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/624941"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T17:14:14.174075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T17:15:16.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RAG API",
"vendor": "LibreChat",
"versions": [
{
"status": "affected",
"version": "0.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20 Improper Input Validation",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:31:35.542Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/624941"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.",
"x_generator": {
"engine": "VINCE 3.0.32",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4276"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-4276",
"datePublished": "2026-03-16T15:31:35.542Z",
"dateReserved": "2026-03-16T15:25:58.025Z",
"dateUpdated": "2026-03-17T17:15:16.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3989 (GCVE-0-2026-3989)
Vulnerability from cvelistv5 – Published: 2026-03-12 11:37 – Updated: 2026-04-07 18:46
VLAI?
Title
CVE-2026-3989
Summary
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
Severity ?
7.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3989",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T18:21:15.871965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:21:27.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "0.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T18:46:48.636Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/blob/main/scripts/playground/replay_request_dump.py"
},
{
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"
},
{
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
},
{
"url": "https://github.com/sgl-project/sglang/pull/20904"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3989",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3989"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3989",
"datePublished": "2026-03-12T11:37:48.314Z",
"dateReserved": "2026-03-11T16:41:06.512Z",
"dateUpdated": "2026-04-07T18:46:48.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3060 (GCVE-0-2026-3060)
Vulnerability from cvelistv5 – Published: 2026-03-12 11:37 – Updated: 2026-04-07 18:45
VLAI?
Title
CVE-2026-3060
Summary
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3060",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:20:47.695650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:21:19.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "0.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLang\u0027 encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T18:45:35.370Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.py"
},
{
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"
},
{
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
},
{
"url": "https://github.com/sgl-project/sglang/pull/20904"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3060",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3060"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3060",
"datePublished": "2026-03-12T11:37:37.009Z",
"dateReserved": "2026-02-23T18:17:34.976Z",
"dateUpdated": "2026-04-07T18:45:35.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3059 (GCVE-0-2026-3059)
Vulnerability from cvelistv5 – Published: 2026-03-12 11:37 – Updated: 2026-04-07 18:46
VLAI?
Title
CVE-2026-3059
Summary
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:26:09.705237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:26:54.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "0.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLang\u0027s multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T18:46:03.195Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
},
{
"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"
},
{
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"
},
{
"url": "https://github.com/sgl-project/sglang/pull/20904"
},
{
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3059",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3059"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3059",
"datePublished": "2026-03-12T11:37:25.713Z",
"dateReserved": "2026-02-23T18:17:22.540Z",
"dateUpdated": "2026-04-07T18:46:03.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13476 (GCVE-0-2025-13476)
Vulnerability from cvelistv5 – Published: 2026-03-05 16:53 – Updated: 2026-03-06 10:36
VLAI?
Title
Rakuten Viber uses broken or risky cryptographic Algorithm
Summary
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Rakuten Viber | Rakuten Viber Cloak - Android |
Affected:
25.7.2.0g , < 27.2.0.0g
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-05T18:35:24.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/772695"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T10:34:45.858741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T10:36:09.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rakuten Viber Cloak - Android",
"vendor": "Rakuten Viber",
"versions": [
{
"lessThan": "27.2.0.0g",
"status": "affected",
"version": "25.7.2.0g",
"versionType": "custom"
}
]
},
{
"product": "Rakuten Viber Cloak - Windows",
"vendor": "Rakuten Viber",
"versions": [
{
"lessThan": "v27.3.0.0",
"status": "affected",
"version": "v25.6.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0\u2013v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-693",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T16:53:32.465Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.viber.com/en/download/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rakuten Viber uses broken or risky cryptographic Algorithm",
"x_generator": {
"engine": "VINCE 3.0.32",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13476"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2025-13476",
"datePublished": "2026-03-05T16:53:32.465Z",
"dateReserved": "2025-11-20T12:38:19.605Z",
"dateUpdated": "2026-03-06T10:36:09.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}