Lucene search
K

3728 matches found

CVE
CVE
added yesterday6 views

CVE-2026-59803

The CVE-2026-59803 entry concerns rpcx (up to version 1.9.3) with a denial-of-service flaw in protocol.Message.Decode. When a message carries the compression flag, payloads are gzip-decompressed via util.Unzip without a decompressed-size limit; MaxMessageLength is checked only against the compres...

8.7CVSS6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday3 views

httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added yesterday2 views

httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Nuclei
Nuclei
added yesterday13 views

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

9.1CVSS7.2AI score0.03946EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2 days ago5 views

httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS6AI score0.11471EPSS
Exploits8References6
OSV
OSV
added 3 days ago4 views

EEF-CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Summary Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-58226

CVE-2026-58226 affects the hpax component of elixir-mint. The vulnerability is in Elixir.HPAX.Types:decode_remaining_integer/3 , which decodes HPACK integers without an upper bound, allowing an unauthenticated attacker to trigger excessive CPU and transient memory via a small HTTP/2 header block....

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS6.9AI score0.00244EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/01 5:3 p.m.6 views

EUVD-2026-41095

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:3 p.m.56 views

CVE-2026-54428

The CVE concerns Apache HttpComponents Core HPACK decoder: on HTTP/2, the HPACK decoder may allocate resources without limits or throttling, allowing a remote attacker to cause memory exhaustion and denial of service. Affected versions are 5.4.2 and earlier, and 5.5-beta1 and earlier. The issue o...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 12:3 p.m.2 views

RLSA-2026:30859 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References2
OSV
OSV
added 2026/06/30 9:8 a.m.2 views

OPENSUSE-SU-2026:21175-1 Security update for python-zeroconf

This update for python-zeroconf fixes the following issues: Changes in python-zeroconf: - CVE-2026-47180: zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service bsc1268341 - CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains pack...

5.8AI score0.00023EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS6.8AI score0.00244EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/29 4:49 a.m.6 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits3References6
AlmaLinux
AlmaLinux
added 2026/06/29 12:0 a.m.8 views

Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and...

5.5CVSS6AI score0.00119EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:19 a.m.9 views

6lowpan: fix off-by-one in multicast context address compression

...

5.5CVSS5.8AI score0.00119EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 1:12 a.m.4 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-11.fc44

NGINX module for Brotli compression...

9.2CVSS7AI score0.03225EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-11.fc43

NGINX module for Brotli compression...

9.2CVSS7AI score0.03225EPSS
Exploits4
Rows per page
Query Builder