Search CVE reports


Toggle filters

151 – 160 of 42760 results

Status is adjusted based on your filters.


CVE-2026-62643

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network...

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-62642

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-62641

Medium priority
Needs evaluation

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.

1 affected package

roundcube

Package 20.04 LTS
roundcube Needs evaluation
Show less packages

CVE-2026-60082

Medium priority
Needs evaluation

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array...

1 affected package

libdbi-perl

Package 20.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-60081

Medium priority
Needs evaluation

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large...

1 affected package

libdbi-perl

Package 20.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-59205

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-59204

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-59203

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-59199

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages

CVE-2026-59198

Medium priority
Needs evaluation

Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the...

2 affected packages

pillow, pillow-python2

Package 20.04 LTS
pillow Needs evaluation
pillow-python2 Needs evaluation
Show less packages