Lucene search
+L

1839 matches found

vulnrichment
vulnrichment
added 2026/05/19 10:52 a.m.10 views

CVE-2026-7307 Keycloak: keycloak: denial of service via specially crafted saml input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS5.8AI score0.00743EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/19 10:52 a.m.44 views

CVE-2026-7307 Keycloak: keycloak: denial of service via specially crafted saml input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS0.00743EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.11 views

PT-2026-42045

Name of the Vulnerable Software and Affected Versions dasel versions 3.0.0 through 3.3.1 Description The selector lexer contains a flaw that leads to a non-terminating loop when tokenizing an unterminated regex pattern, such as r/. This occurs because the matchRegexPattern closure within the...

7.5CVSS5.8AI score0.0005EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.22 views

PT-2026-41785

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description OpenTelemetry eBPF Instrumentation OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can...

7.5CVSS5.8AI score0.00319EPSS
Exploits1References6
susecve
susecve
added 2026/05/15 1:58 a.m.14 views

SUSE CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

5.3CVSS5.9AI score0.00455EPSS
Exploits0References4
nessus
nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-8202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References2
nessus
nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during...

8.9CVSS6.4AI score0.0068EPSS
Exploits0References2
pypa
pypa
added 2026/05/13 4:16 p.m.19 views

PYSEC-2026-142

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References1Affected Software1
ubuntucve
ubuntucve
added 2026/05/13 4:16 p.m.13 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/13 3:17 p.m.13 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References2Affected Software1
susecve
susecve
added 2026/05/13 2:22 p.m.9 views

SUSE CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

7.5CVSS5.7AI score0.00126EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/05/12 2:10 p.m.20 views

CVE-2026-42310

A flaw was found in Pillow, a Python imaging library. A remote attacker could supply a specially crafted malicious PDF file, causing the application to hang indefinitely and consume 100% CPU. This vulnerability leads to a Denial of Service DoS, making the application unresponsive...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References7
osv
osv
added 2026/05/11 2:51 p.m.4 views

GHSA-MF9V-MFXR-J63J urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References4
euvd
euvd
added 2026/05/11 2:50 p.m.45 views

EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References4
nessus
nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017755 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Tenable ha...

7.8CVSS6.9AI score0.53861EPSS
Exploits1References4
redhat
redhat
added 2026/05/09 3:24 p.m.2 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS6.3AI score0.0068EPSS
Exploits0References5
nvd
nvd
added 2026/05/09 6:16 a.m.25 views

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS0.00126EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/05/09 6:16 a.m.11 views

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References5
osv
osv
added 2026/05/09 4:10 a.m.1 views

CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.1CVSS7AI score0.00126EPSS
Exploits0References6
nessus
nessus
added 2026/05/09 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016815 advisory. The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this c...

5.3CVSS5.8AI score0.00526EPSS
Exploits0References4
Rows per page
Query Builder