Search CVE reports


Toggle filters

171 – 180 of 43971 results

Status is adjusted based on your filters.


CVE-2026-59885

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing...

1 affected package

pyasn1

Package 22.04 LTS
pyasn1 Needs evaluation
Show less packages

CVE-2026-59884

Medium priority
Needs evaluation

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted...

1 affected package

pyasn1

Package 22.04 LTS
pyasn1 Needs evaluation
Show less packages

CVE-2026-59200

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.1.0 until 12.3.0, PdfParser.PdfStream.decode() in PIL/PdfParser.py calls zlib.decompress() with bufsize set to the PDF stream Length field without bounding the decompressed output size,...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-59197

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter()...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-54433

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting (XSS) via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session...

1 affected package

roundcube

Package 22.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-54432

Medium priority
Needs evaluation

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting (XSS). The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page.

1 affected package

roundcube

Package 22.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-54058

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, when Pillow loads an uncompressed McIdas AREA image from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-62644

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

1 affected package

roundcube

Package 22.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-62643

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network...

1 affected package

roundcube

Package 22.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-62642

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.

1 affected package

roundcube

Package 22.04 LTS
roundcube Needs evaluation
Show less packages