Lucene search
+L

20780 matches found

RedHat Linux
RedHat Linux
added 4 days ago8 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 4 days ago9 views

CVE-2026-53539

A flaw was found in Python-Multipart, a streaming multipart parser. A remote attacker can exploit this vulnerability by submitting a specially crafted application/x-www-form-urlencoded body. This can cause the QuerystringParser to perform inefficient processing, leading to excessive CPU...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59869

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References8
NVD
NVD
added 5 days ago7 views

CVE-2026-58486

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...

8.3CVSS0.00235EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago4 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS6AI score0.0041EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-60044

Impact AsyncListener.handle query or defer retained every truncated TC-bit incoming query in self. deferredaddr and armed a per-addr timer in self. timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped...

6.5CVSS6.1AI score0.00018EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/11 4:58 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.2AI score0.00259EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/07/11 3:28 a.m.5 views

SUSE CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/07/11 2:16 a.m.16 views

GHSA-QCQ2-496W-V96P vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, jupyter-base-notebook, tensorflow-cpu-jupyter...

5.3AI score
Exploits0
NVD
NVD
added 2026/07/10 10:16 p.m.9 views

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/07/10 8:22 p.m.10 views

GHSA-QCQ2-496W-V96P vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, jupyter-base-notebook, tensorflow-cpu-jupyter...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/10 8:22 p.m.12 views

CVE-2026-49851 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, jupyter-base-notebook, tensorflow-cpu-jupyter...

8.7CVSS7.2AI score0.0035EPSS
Exploits0
NVD
NVD
added 2026/07/10 5:17 p.m.10 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00655EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2026/07/10 9:38 a.m.6 views

USN-8492-5: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.6AI score0.00686EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.6AI score0.00259EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.9 views

decode-uri-component: decode-uri-component: Denial of Service via crafted input

A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.6 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.4 views

SUSE CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

3.3CVSS6AI score0.00115EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.3 views

SUSE CVE-2026-59922

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.7 views

PT-2026-57332

Name of the Vulnerable Software and Affected Versions Phalcon versions prior to 5.15.0 Description In Phalcon MVC applications using a default router, the CLI router, or the /:params placeholder, a built-in route is registered with a compiled PCRE Perl Compatible Regular Expressions pattern...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References8
Rows per page
Query Builder