8.7
CVE-2026-3336 - PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should u…
0.0
CVE-2026-2256 - Command injection vulnerability in ModelScope's ms-agent
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
2.7
CVE-2026-25884 - Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
2.7
CVE-2026-27596 - Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra comm…
2.7
CVE-2026-27631 - Exiv2: Uncaught exception - cannot create std::vector larger than max_size()
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra comm…
