Lucene search
+L

235 matches found

Snyk
Snyk
added 2026/03/10 9:4 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the t.String process when handling URL formats. An attacker can cause significant performance degradation and service unavailability by submitting...

8.7CVSS5.8AI score0.00494EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.14 views

QuickJS 安全漏洞

QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. The QuickJS 2025-09-13 version contains a security vulnerability. This vulnerability stems from a garbage collection internal assertion failure when processing specially crafted JavaScript inputs,...

6.5CVSS5.8AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.6 views

CVE-2026-27691

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

6.2CVSS5.4AI score0.0016EPSS
Exploits1References1
NVD
NVD
added 2026/02/25 3:20 p.m.11 views

CVE-2026-27691

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

6.2CVSS0.0016EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/25 6:17 a.m.2 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the vipsforeignloadmatrixheader function. An attacker can cause memory corruption by providing specially crafted input files to the affected process. Remediation A fix was pushed into the master branch but not yet...

7.8CVSS6.1AI score0.00184EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.12 views

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a type validation flaw in the flow.dstack component, which may allow for denial-of-service attacks through specially crafted inputs...

7.5CVSS5.8AI score0.00371EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in Python 3.11

The html.parser.HTMLParser class has worst-case quadratic complexity when processing certain malformed inputs, which could potentially lead to a heightened denial-of-service attack...

4.3CVSS6.4AI score0.00473EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/21 2:19 p.m.4 views

CVE-2025-14027

Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...

8.7CVSS5.5AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 2:16 p.m.7 views

CVE-2025-14027

Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...

8.7CVSS0.00352EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 1:56 p.m.2 views

CVE-2025-14027

Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...

8.7CVSS5.4AI score0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/01/20 1:56 p.m.20 views

CVE-2025-14027

CVE-2025-14027 affects Rockwell Automation 1756-RM2 and 1756-RM2XT firmware in ControlLogix Redundancy Enhanced Modules. The issue is described as multiple denial-of-service vulnerabilities triggered by crafted inputs (including malformed Class 3 messages, memory leak conditions, and other resour...

8.7CVSS5.4AI score0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.11 views

PT-2026-3560

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Multiple denial-of-service issues exist that can be triggered through crafted inputs, including malformed Class 3 messages, memory leak conditions, and resource exhaustion scenarios. Exploitation may cause the...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.10 views

Rockwell Automation ControlLogix Redundancy Enhanced Module security vulnerabilities

Rockwell Automation ControlLogix Redundancy Enhanced Module is a core hardware component of Rockwell Automation. There is a security vulnerability present in the Rockwell Automation ControlLogix Redundancy Enhanced Module, which stems from processing specially crafted inputs. This vulnerability m...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/19 7:53 a.m.9 views

poppler: Out-of-Bounds Read in Poppler

A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...

7.1CVSS5.7AI score0.00234EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/01/19 7:53 a.m.9 views

poppler: Out-of-Bounds Read in Poppler

A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...

7.1CVSS5.7AI score0.00234EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1644

Veeam Backup & Replication and Affected Versions Veeam Backup & Replication versions 13.0.1.180 and earlier Description A critical remote code execution RCE vulnerability exists in Veeam Backup & Replication software. This flaw, tracked as CVE-2025-59470, has a CVSS score of 9.0 and allows a user...

9CVSS8.6AI score0.01487EPSS
Exploits2References34
Veracode
Veracode
added 2025/12/17 6:49 a.m.6 views

Improper Input Validation

sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...

9.1CVSS6.5AI score0.00651EPSS
Exploits2References7Affected Software1
Veracode
Veracode
added 2025/12/17 5:11 a.m.7 views

Improper Input Validation

cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...

9.1CVSS5.5AI score0.0047EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-201886

Robocode vulnerable to Directory Traversal in recursivelyDelete Method...

10CVSS6.4AI score0.00932EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 4:17 p.m.7 views

UBUNTU-CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

10CVSS6.3AI score0.005EPSS
Exploits0References4
Rows per page
Query Builder