Lucene search
+L

20780 matches found

CVE
CVE
added yesterday8 views

CVE-2026-56741

JLine3 Telnet server's remote-telnet module did not bound NAWS-terminal dimensions, reading width/height as 16-bit values and passing 65535x65535 to setTerminalGeometry. This allowed an unauthenticated remote attacker to induce repeated heavy rendering, causing CPU exhaustion Denial of Service. A...

7.5CVSS5.5AI score
Exploits0References7
NVD
NVD
added yesterday4 views

CVE-2026-47180

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0002EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday18 views

CVE-2026-50273 Datadog .NET Tracer: Improper parsing of W3C baggage headers may lead to DoS

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS0.00106EPSS
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-49209

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-14741

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parsedate. parsedate matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

Exploits0References4
Cvelist
Cvelist
added yesterday16 views

CVE-2026-14741 HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parsedate. parsedate matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

Exploits0References3
AlpineLinux
AlpineLinux
added yesterday5 views

CVE-2026-14741

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parsedate. parsedate matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

5.3AI score
Exploits0
Cvelist
Cvelist
added yesterday11 views

CVE-2025-51677

An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to unexpected behavior...

Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2025-51678

CVE-2025-51678 affects the RISC‑V PicoRV32 core (commit 87c89a). The root cause is a mismatch between the PCPI INSN and memory address, which can cause unexpected behavior in PCPI instruction handling. The provided documents do not specify affected products beyond PicoRV32, nor do they detail exp...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60780

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse date. parse date matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

5.4AI score
Exploits0References4
NVD
NVD
added 2 days ago9 views

CVE-2026-62963

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.8.4, Centrifugo unidirectional WebSocket transport with uniwebsocket.compression enabled enforced uniwebsocket.messagesizelimit against compressed wire-frame length in internal/websocket/conn.go advanceFrame, but...

8.7CVSS0.00301EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-47736

A flaw was found in Puma, a Ruby/Rack web server. When PROXY protocol v1 support is enabled, a remote attacker can continuously send data without proper termination. This causes the server to consume an increasing amount of memory and CPU resources, leading to a Denial of Service DoS where the...

7.5CVSS6.1AI score0.0035EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60360

Name of the Vulnerable Software and Affected Versions dd-trace-py versions prior to 4.8.2 Description Datadog tracing libraries implementing W3C baggage propagation fail to enforce limits on the number of items or total bytes when parsing incoming baggage HTTP headers during the extraction proces...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References7
OSV
OSV
added 4 days ago5 views

CVE-2026-49477 Soup Sieve: Regular Expression Denial of Service (ReDoS) in soupsieve Selector Parser

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking when processing an attribute selector with an unterminated quoted value in...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References5
CVE
CVE
added 4 days ago47 views

CVE-2026-47736

Summary: CVE-2026-47736 affects the Puma Ruby/Rack web server when PROXY protocol v1 is enabled. In affected releases (5.5.0 up to 7.2.1 and 8.0.2), Puma reads incoming bytes into an internal buffer while waiting for CRLF to detect a PROXY v1 line, allowing an attacker to send data without CRLF a...

7.5CVSS6.2AI score0.0035EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS0.00339EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-59886

Summary: pyasn1 before 0.6.4 contains a vulnerability in the univ.Real ASN.1 type where mantissa/base/exponent are converted to a Python float via exact big-integer exponentiation. This can cause excessive CPU/memory usage when decoding untrusted ASN.1 data and subsequently printing, logging, or ...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 4 days ago5 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS6.1AI score0.00339EPSS
Exploits0
Rows per page
Query Builder