Lucene search
K

323 matches found

Cvelist
Cvelist
added 2026/06/04 2:5 p.m.41 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS0.10659EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.5 views

SolarWinds Serv-U 资源管理错误漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software developed by the American company SolarWinds. SolarWinds Serv-U has a resource management vulnerability that stems from unvalidated POST requests using the Content-Encoding: deflate header, which can lead to service crashes...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46239

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1 Description SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...

7.8CVSS6.1AI score0.10659EPSS
Exploits2References78
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.11 views

CVE-2026-39804

A flaw was found in bandit. An unauthenticated attacker who can open a WebSocket connection can exploit a vulnerability when WebSocket permessage-deflate compression is enabled. This flaw allows for memory exhaustion by sending a highly compressed frame that, when decompressed, forces large memor...

8.2CVSS5.7AI score0.00625EPSS
Exploits0References7
OSV
OSV
added 2026/05/07 3:36 a.m.3 views

GHSA-FRH3-6PV6-RC8J Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/07 3:36 a.m.5 views

EUVD-2026-26711

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/07 3:36 a.m.13 views

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate compress: true, an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References6Affected Software1
GithubExploit
GithubExploit
added 2026/05/06 2:59 p.m.93 views

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 11:30 a.m.19 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...

9.8CVSS7AI score0.0115EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/01 9:16 p.m.9 views

CVE-2026-39804

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS0.00625EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/01 8:34 p.m.28 views

CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS0.00625EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 8:34 p.m.14 views

CVE-2026-39804

The vulnerability CVE-2026-39804 affects Bandit (Elixir) WebSocket permessage-deflate handling. The function Elixir.Bandit.WebSocket.PerMessageDeflate.inflate/2 calls :zlib.inflate/2 without an output size cap and materializes the full decompressed payload into a single binary, while max_frame_si...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References4
OSV
OSV
added 2026/05/01 8:34 p.m.5 views

EEF-CVE-2026-39804 WebSocket permessage-deflate inflate has no output-size cap in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.3 views

CVE-2026-39804

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. 'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.5 views

PT-2026-36540

Name of the Vulnerable Software and Affected Versions bandit versions 0.5.9 through 1.10.x Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled. The issue occurs because the inflate/2 function i...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Bandit 安全漏洞

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: LibRaw

Issue Overview: An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. CVE-2026-20884 A heap-based buffer overflow...

9.8CVSS5.9AI score0.00564EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Amazon Linux 2 : LibRaw, --advisory ALAS2-2026-3258 (ALAS-2026-3258)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3258 advisory. An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw. A specially crafted malicious...

9.8CVSS6.2AI score0.00564EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.4 views

SUSE SLES15 Security Update : libraw (SUSE-SU-2026:1556-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1556-1 advisory. - CVE-2026-5342: out-of-bounds read via LibRaw::nikonloadpaddedpackedraw bsc1261499. - CVE-2026-20884: integer overflow and heap...

9.8CVSS6.3AI score0.00746EPSS
Exploits6References19
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.76 views

Node.js Module Undici < 6.24.0 / 7.x < 7.24.0 Multiple Vulnerabilities

The nodejs module Undici detected on the host is prior to version 6.24.0 or version 7.x prior to 7.24.0. It is, therefore, affected by multiple vulnerabilities : - A flaw exists due to allowing duplicate HTTP Content-Length headers when provided in an array with case-variant names. An...

9.8CVSS7.8AI score0.0115EPSS
Exploits0References6
Rows per page
Query Builder