Lucene search
+L

20780 matches found

RedHat Linux
RedHat Linux
added 2026/07/03 5:27 a.m.4 views

js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
IBM AIX
IBM AIX
added 2026/07/03 4:2 a.m.8 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-13878 CVE-2026-1519 CVE-2026-3592 CVE-2026-5946 CVE-2026-5950)

IBM SECURITY ADVISORY First Issued: Fri Jul 3 04:02:10 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory30.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-13878, CVE-2026-1519,...

7.5CVSS7AI score0.08219EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 7:40 p.m.8 views

EUVD-2026-41425

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 3:49 p.m.10 views

USN-8498-1 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References298
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.4 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6AI score0.00358EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/07/02 3:24 p.m.15 views

USN-8492-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4
OSV
OSV
added 2026/07/02 3:24 p.m.10 views

USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References300
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-709 Denial of Service in OpenCV

OpenCV Open Source Computer Vision Library through 3.3 corresponding to OpenCV-Python 3.3.0.9 has a denial of service CPU consumption issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case...

7.5CVSS7.1AI score0.02222EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/07/02 5:24 a.m.8 views

Important: Red Hat Security Advisory: Red Hat AI Base Images 3.0.2 (cpu)

Red Hat AI Base Images 3.0.2 cpu is now available. Red Hat® AI Base Images...

8CVSS5.8AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.8AI score0.01125EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-14258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6.2AI score0.00103EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 6:55 p.m.3 views

js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
NVD
NVD
added 2026/07/01 6:16 p.m.12 views

CVE-2026-49090

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS0.00251EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:15 p.m.4 views

CVE-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS6AI score0.00251EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 5:15 p.m.30 views

CVE-2026-49090

CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
F5 Networks
F5 Networks
added 2026/07/01 4:15 p.m.12 views

K000162026: Multiple Go vulnerabilities

Security Advisory Description CVE-2026-33811 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-39820 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU...

7.5CVSS7AI score0.00813EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.8 views

CVE-2026-53345

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...

5.8AI score0.00156EPSS
Exploits0
Rows per page
Query Builder