CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

Allocation of Resources Without Limits or Throttling

Overview turbo-stream is an A streaming data transport format that aims to support built-in features such as Promises, Dates, RegExps, Maps, Sets and more. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the serialization algorithm in th...

CVE-2026-43868

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

Allocation of Resources Without Limits or Throttling

Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow attackers to exhaust the memory of the Mint client on an HTTP/...

Pterodactyl Panel 安全漏洞

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...

Tesla 安全漏洞

Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 1.3.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of resource allocation control in Tesla.Adapter.Mint, which could lead to denial-of-service attacks due to...

CVE-2026-45352

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request that includes a negative chunk-size in the chunked Transfer-Encoding. This incorrect parsing leads to unbounded memory allocation, causing the...

OPENSUSE-SU-2026:20863-1 Security update for tree-sitter

This update for tree-sitter fixes the following issue - CVE-2026-44216: wasmtime: allocation of a table exceeding the size of the host's address space leads to panic bsc1265300...

CVE-2026-48187

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

CVE-2026-48187 Email with special content can lead to DoS

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

Poppler 输入验证错误漏洞

Poppler is an open-source PDF rendering library developed by Poppler. Poppler has a vulnerability related to input validation errors. This vulnerability stems from an integer overflow in the tilingPatternFill function within the Splash backend. As a result of this overflow, insufficient heap memo...

EUVD-2026-33460

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogspoolidcalloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and could...

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

DEBIAN-CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...