
8 matches found

RedhatCVE
added yesterday, 4 views

CVE-2026-48853

A flaw was found in the grpc component of elixir-grpc. This vulnerability allows unauthenticated attackers to send specially crafted messages, leading to two critical outcomes. First, it can cause a Denial of Service (DoS) by crashing the Erlang virtual machine (BEAM) node. Second, under certain...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00573
Exploits: 0 | References: 7

OSV
added 4 days ago, 4 views

EEF-CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Summary: Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, ex_document_to_comrak_ast and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00168
Exploits: 0 | References: 5

EUVD
added last week, 14 views

EUVD-2026-31691

Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00703
Exploits: 1 | References: 5

CNNVD
added 2026/06/11 12:0 a.m., 12 views

MPEG-4 container plugin for Membrane Framework security vulnerability

The MPEG-4 container plugin for Membrane Framework is an open-source plugin developed by Membrane Framework for parsing and multiplexing MP4 containers. Versions of the MPEG-4 container plugin for Membrane Framework from 0.3.0 to 0.36.7 contained security vulnerabilities. These vulnerabilities...

CVSS: 5.9 | AI score: 5.3 | EPSS: 0.00126
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/26 7:46 p.m., 10 views

CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00341
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/05/14 1:8 p.m., 4 views

GHSA-QF4G-9FQQ-MMM7 Absinthe: Unbounded atom creation from parsed directive name

Summary: When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

CVSS: 8.2 | AI score: 6 | EPSS: 0.00613
Exploits: 1 | References: 6

Github Security Blog
added 2026/04/01 12:14 a.m., 15 views

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary: Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

CVSS: 8.2 | AI score: 6 | EPSS: 0.00423
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/04/01 12:0 a.m., 9 views

PT-2026-29495

Summary: Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has...

CVSS: 8.2 | AI score: 6 | EPSS: 0.00423
Exploits: 1 | References: 7