7.8
CVE-2025-47389 - Buffer Copy Without Checking Size of Input in Automotive Platform
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
6.5
CVE-2025-47374 - Use After Free in Camera Driver
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
8.5
CVE-2024-14032 - Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite sโฆ
8.4
CVE-2026-34589 - OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. For โฆ
8.6
CVE-2026-34588 - OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, โฆ
7.9
CVE-2026-34444 - Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setatโฆ
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrarโฆ
6.9
CVE-2026-5666 - code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performedโฆ
0.0
CVE-2026-34402 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidentโฆ
3.1
CVE-2026-33405 - Pi-hole has a Stored HTML Injection in queries.js
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a quโฆ
5.9
CVE-2026-34380 - OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-checโฆ
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl() in src/lib/OpenEXRCore/internal_pxr24.c at line 377. Tโฆ