Search CVE reports
531 – 540 of 30270 results
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)
1 affected package
chromium-browser
| Package | 26.04 LTS |
|---|---|
| chromium-browser | Not affected |
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is...
3 affected packages
python-msgpack, python-pip, python-srsly
| Package | 26.04 LTS |
|---|---|
| python-msgpack | Needs evaluation |
| python-pip | Needs evaluation |
| python-srsly | Needs evaluation |
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage,...
1 affected package
pypdf
| Package | 26.04 LTS |
|---|---|
| pypdf | Needs evaluation |
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
1 affected package
dcmtk
| Package | 26.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which...
1 affected package
dcmtk
| Package | 26.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
1 affected package
dcmtk
| Package | 26.04 LTS |
|---|---|
| dcmtk | Needs evaluation |
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php
1 affected package
dokuwiki
| Package | 26.04 LTS |
|---|---|
| dokuwiki | Needs evaluation |
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
1 affected package
dcmtk
| Package | 26.04 LTS |
|---|---|
| dcmtk | Needs evaluation |