Lucene search
+L

1839 matches found

RedHat Linux
RedHat Linux
added 2026/04/21 5:31 p.m.2 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
OSV
OSV
added 2026/04/21 5:8 p.m.18 views

CLSA-2026-1776791328 nginx: Fix of 5 CVEs

CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...

7.8CVSS7.3AI score0.82017EPSS
Exploits6References1
NVD
NVD
added 2026/04/17 10:16 p.m.7 views

CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...

7.5CVSS0.00485EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/17 8:17 a.m.10 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 11:41 p.m.7 views

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...

8.7CVSS5.9AI score0.00294EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/14 2:56 p.m.7 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 12:51 p.m.3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
Veracode
Veracode
added 2026/04/13 12:10 p.m.7 views

Denial Of Service

React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...

7.5CVSS7.2AI score0.01551EPSS
Exploits4References8Affected Software4
NVD
NVD
added 2026/04/10 5:17 p.m.6 views

CVE-2026-35599

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

6.5CVSS0.00347EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/04/10 11:36 a.m.4 views

Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2026/04/09 8:58 a.m.9 views

Security update for bind

This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS7.3AI score0.01545EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 7:11 p.m.21 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS0.01551EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/04/08 7:11 p.m.6 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS5.9AI score0.01551EPSS
Exploits4References1
CVE
CVE
added 2026/04/08 7:11 p.m.192 views

CVE-2026-23869

The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...

7.5CVSS5.9AI score0.01551EPSS
Exploits4References4
OSV
OSV
added 2026/04/08 2:49 a.m.5 views

MGASA-2026-0090 Updated python-pygments packages fix security vulnerability

A security flaw in Pygments function AdlLexer in archetype.py stems from a regular expression having an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. CVE-2026-4539...

4.8CVSS5.7AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 10:16 p.m.19 views

UBUNTU-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

7.5CVSS5.8AI score0.00383EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/07 9:32 p.m.5 views

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

6.2CVSS5.9AI score0.00383EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 9:17 p.m.1 views

DEBIAN-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/06 7:24 a.m.22 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.8AI score0.00638EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/02 8:30 p.m.9 views

Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters

Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder