Lucene search
+L

1949 matches found

Cvelist
Cvelist
added yesterday19 views

CVE-2026-62963 Centrifugo: Decompression bomb DoS via permessage-deflate in unidirectional WebSocket transport

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uniwebsocket.compression enabled enforced uniwebsocket.messagesizelimit against compressed wire-frame length in internal/websocket/conn.go advanceFrame, but...

8.7CVSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-59762 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS0.00548EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

DEBIAN-CVE-2026-59204

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates totalcomponentwidth across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and...

7.5CVSS6.1AI score0.00398EPSS
Exploits1References1
NVD
NVD
added last week9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.9 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00515EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/07/09 9:14 p.m.8 views

CVE-2026-39197

A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-59938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 6:16 p.m.1 views

DEBIAN-CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

5.3CVSS6.1AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 6:16 p.m.11 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 5:24 p.m.6 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6AI score0.00303EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/08 5:24 p.m.11 views

CVE-2026-59938

CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...

6.9CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/08 5:24 p.m.4 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 5:24 p.m.42 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56528

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.0 Description An attacker can craft a PDF file with declared image size values that are significantly larger than the actual data. This leads to excessive memory consumption during the image parsing process within...

6.9CVSS6AI score0.00303EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56560

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References11
NVD
NVD
added 2026/07/06 7:17 p.m.8 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS0.00364EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 4:26 p.m.32 views

CVE-2026-56150 Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS0.00312EPSS
Exploits0References1
Rows per page
Query Builder