Lucene search
K

330 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References4
NVD
NVD
added last week5 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added last week31 views

CVE-2026-59939 httplib2: Decompression Bomb Denial of Service via Unbounded gzip/deflate Response Handling

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS0.00358EPSS
Exploits1References3
CVE
CVE
added last week9 views

CVE-2026-59939

The CVE-2026-59939 affects the Python httplib2 library prior to 0.32.0. The root cause is unbounded decompression of HTTP response bodies encoded with gzip or deflate in _decompressContent, allowing a malicious server to send a small compressed payload that expands to very large in-memory size, l...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added last week13 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6AI score0.00358EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56548

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.32.0 Description An issue exists where the library performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate within the decompressContent function in httplib2/init.py. ...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References10
OSV
OSV
added 2026/07/07 4:3 p.m.4 views

PYSEC-2026-1202 Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

6.5CVSS6AI score0.00418EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/12 2:39 p.m.10 views

EUVD-2026-36494

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

5.3CVSS5.2AI score0.00594EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48688

Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...

7.5CVSS5.3AI score0.00594EPSS
Exploits0References62
GithubExploit
GithubExploit
added 2026/06/10 7:2 a.m.75 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

7.5CVSS6.5AI score0.10659EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/09 11:46 p.m.38 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:46 p.m.86 views

CVE-2026-40988

CVE-2026-40988 refers to an issue in the use of the REDIRECT binding for SAML 2.0 Login/Logout with the Spring Security SAML2 Service Provider, where an unbounded writer can inflate the compressed SAML payload in memory, causing a denial of service. The vulnerability affects Spring Security versi...

7.5CVSS5.5AI score0.00331EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.9 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.39 views

SolarWinds Serv-U 15.5.0 < 15.5.5

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4 HF1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1554hf1 advisory. - SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without...

7.5CVSS5.9AI score0.10659EPSS
Exploits2References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

cve-2026-40988 - HIGH - Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

cve-2026-40988 - HIGH - Unbounded DEFLATE Inflation in SAML 2.0 Service Provider...

7.5CVSS6.1AI score0.00331EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/06 8:14 a.m.14 views

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

7.5CVSS5.6AI score0.10659EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.5AI score0.10659EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/05 12:0 a.m.26 views

VulnCheck KEV: CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.5AI score0.10659EPSS
In wildExploits2References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/05 12:0 a.m.16 views

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...

7.5CVSS5.5AI score0.10659EPSS
In wildExploits2
NVD
NVD
added 2026/06/04 3:16 p.m.15 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS0.10659EPSS
Exploits2References3
Rows per page
Query Builder