Lucene search
+L

1839 matches found

NVD
NVD
added last week9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References9
CVE
CVE
added 2026/07/09 9:4 p.m.17 views

CVE-2026-33803

CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....

6.9CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/09 11:16 a.m.2 views

DEBIAN-CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS6AI score0.00115EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-56776

Name of the Vulnerable Software and Affected Versions GNU patch affected versions not specified Description Improper validation of hunk line offsets in unified-diff input allows a denial of service DoS. A hunk is a single block of changes within a diff file. By supplying a specially crafted patch...

5.5CVSS6AI score0.00115EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:58 p.m.5 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/08 3:58 p.m.37 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
IBM AIX
IBM AIX
added 2026/07/03 4:2 a.m.7 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-13878 CVE-2026-1519 CVE-2026-3592 CVE-2026-5946 CVE-2026-5950)

IBM SECURITY ADVISORY First Issued: Fri Jul 3 04:02:10 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory30.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-13878, CVE-2026-1519,...

7.5CVSS7AI score0.08219EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.3 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6AI score0.00358EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/30 10:56 p.m.3 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.4AI score0.00358EPSS
Exploits1References7
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

DEBIAN-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.8 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:53 p.m.16 views

EUVD-2026-31686

Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in libheif

libheif is a decoder and encoder for HEIF and AVIF file formats. In versions 1.21.2 and earlier, a crafted 800-byte HEIF sequence file could cause an infinite loop in the Boxstts::getsampleduration function. This loop consumed 100% of the CPU resources indefinitely, with no progress being made,...

6.5CVSS5.8AI score0.0032EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References20
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2026-54417

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/17 12:44 a.m.10 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References7
Rows per page
Query Builder