Common Vulnerabilities and Exposures (CVE)

CVE-2026-44410

May 26, 2026 09:39:55 UTC

This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.

CVE-2025-68648

May 26, 2026 09:37:13 UTC

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAna...

CVE-2026-25713

May 26, 2026 09:08:22 UTC

MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability

CVE-2026-25104

May 26, 2026 09:08:20 UTC

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

CVE-2026-4887

May 26, 2026 09:00:25 UTC

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation cou...

CVE-2026-34002

May 26, 2026 08:59:57 UTC

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, whic...

CVE-2026-34000

May 26, 2026 08:59:54 UTC

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bo...

CVE-2026-34003

May 26, 2026 08:45:22 UTC

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure...

CVE-2026-34001

May 26, 2026 08:45:20 UTC

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without ...

CVE-2026-33999

May 26, 2026 08:45:12 UTC

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to m...

CVE-2026-4775

May 26, 2026 08:44:54 UTC

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds hea...

CVE-2026-4878

May 26, 2026 08:41:24 UTC

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capa...

CVE-2026-24590

May 26, 2026 08:24:28 UTC

Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23.

CVE-2026-24638

May 26, 2026 08:21:11 UTC

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121.

CVE-2026-27427

May 26, 2026 08:19:29 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18.