Search CVE reports


Toggle filters

151 – 160 of 39835 results

Status is adjusted based on your filters.


CVE-2026-62641

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.

1 affected package

roundcube

Package 24.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-60082

Medium priority
Needs evaluation

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array...

1 affected package

libdbi-perl

Package 24.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-60081

Medium priority
Needs evaluation

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large...

1 affected package

libdbi-perl

Package 24.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-59205

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the...

2 affected packages

pillow, pillow-python2

Package 24.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-59204

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled...

2 affected packages

pillow, pillow-python2

Package 24.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-59203

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek...

2 affected packages

pillow, pillow-python2

Package 24.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-59199

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or...

2 affected packages

pillow, pillow-python2

Package 24.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-59198

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the...

2 affected packages

pillow, pillow-python2

Package 24.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-15697

Medium priority

Not in release

A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly...

1 affected package

node-svgdotjs-svg.js

Package 24.04 LTS
node-svgdotjs-svg.js Not in release
Show less packages

CVE-2026-15392

Medium priority
Needs evaluation

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic...

1 affected package

libdbi-perl

Package 24.04 LTS
libdbi-perl Needs evaluation
Show less packages