CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1424 matches found

CVE-2026-53550

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS5.6AI score0.00259EPSS

Exploits1References4

CVE•added 3 days ago•13 views

CVE-2026-12993

Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...

6.5CVSS5.8AI score0.00249EPSS

Exploits0References2

Tenable Nessus•added 3 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-49851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately O...

8.7CVSS5.9AI score0.00253EPSS

Exploits0References2

Tenable Nessus•added 5 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located t...

7.5CVSS6.1AI score0.00263EPSS

Exploits0References3

OSV•added 6 days ago•3 views

DEBIAN-CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...

7.5CVSS6.1AI score0.00263EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•4 views

CVE-2026-53539

7.5CVSS6.1AI score0.00263EPSS

Exploits0References2Affected Software1

Debian CVE•added 6 days ago•5 views

CVE-2026-53539

7.5CVSS6.1AI score0.00263EPSS

Exploits0

OSV•added 6 days ago•2 views

DEBIAN-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block...

5.3CVSS5.8AI score0.00259EPSS

Exploits1References1

NVD•added 2026/06/20 7:16 p.m.•10 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

7.5CVSS0.00321EPSS

Exploits1References2

Cvelist•added 2026/06/20 6:27 p.m.•14 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

5.3CVSS0.00321EPSS

Exploits1References2

NVD•added 2026/06/19 7:16 p.m.•7 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00415EPSS

Exploits1References3

ATTACKERKB•added 2026/06/19 6:14 p.m.•4 views

CVE-2026-49293

7.5CVSS5.8AI score0.00415EPSS

Exploits1References4Affected Software1

CVE•added 2026/06/19 6:14 p.m.•14 views

CVE-2026-49293

CVE-2026-49293 affects js-toml up to v1.1.0. The parsing of hexadecimal/octal/binary integer literals uses a hand-written parseBigInt loop that multiplies the BigInt accumulator by the radix for every digit, yielding an O(n^2) time complexity in the length of the literal. A single TOML document c...

7.5CVSS5.8AI score0.00415EPSS

Exploits1References3Affected Software1

OSV•added 2026/06/18 1:7 p.m.•4 views

GHSA-2R2C-CX56-8933 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

Summary The JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS Negotiate About Window Size option. An unauthenticated remote attacker can send a NAWS subnegotiation advertising a 65535×65535 terminal and repeatedly alternate...

7.5CVSS5.6AI score

Exploits0References2

OSV•added 2026/06/17 8:17 p.m.•3 views

ALPINE-CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

7.5CVSS5.8AI score0.00408EPSS

Exploits0References1

NVD•added 2026/06/17 8:17 p.m.•16 views

CVE-2026-55199

8.2CVSS0.00408EPSS

Exploits0References3

EUVD•added 2026/06/17 6:44 p.m.•10 views

EUVD-2026-37782

8.2CVSS5.3AI score0.00408EPSS

Exploits0References3

CVE•added 2026/06/17 6:44 p.m.•122 views

CVE-2026-55199

CVE-2026-55199 affects libssh2 up to version 1.11.1. The vulnerability lies in the SSH_MSG_EXT_INFO handler (src/packet.c), where return values from _libssh2_get_string() are unchecked. During key exchange, a malicious SSH server can set nr_extensions to 0xFFFFFFFF, causing the client to spin in ...

8.2CVSS5.3AI score0.00408EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/06/17 6:44 p.m.•8 views

CVE-2026-55199

8.2CVSS5.3AI score0.00408EPSS

Exploits0