Search CVE reports


Toggle filters

141 – 150 of 42760 results

Status is adjusted based on your filters.


CVE-2026-59888

Medium priority
Needs evaluation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore...

1 affected package

jackson-databind

Package 20.04 LTS
jackson-databind Needs evaluation
Show less packages

CVE-2026-59886

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only...

1 affected package

pyasn1

Package 20.04 LTS
pyasn1 Needs evaluation
Show less packages

CVE-2026-59885

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing...

1 affected package

pyasn1

Package 20.04 LTS
pyasn1 Needs evaluation
Show less packages

CVE-2026-59884

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted...

1 affected package

pyasn1

Package 20.04 LTS
pyasn1 Needs evaluation
Show less packages

CVE-2026-59200

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size,...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-59197

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter()...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-54433

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session...

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-54432

Medium priority
Needs evaluation

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page.

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-54058

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-62644

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages