Lucene search
K

2231 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47601

Name of the Vulnerable Software and Affected Versions netty-codec-redis versions prior to 4.1.135.Final netty-codec-redis versions prior to 4.2.15.Final Description A denial of service can occur when an attacker sends a crafted Redis payload containing deeply nested arrays. The...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.31 views

Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1815)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1815 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating string...

8.2CVSS6AI score0.00559EPSS
Exploits7References18
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.0 : protobuf (EulerOS-SA-2026-2059)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

EulerOS Virtualization 2.13.0 : protobuf (EulerOS-SA-2026-2182)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.5 views

EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2026-2055)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not...

6.2CVSS5.8AI score0.00755EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44844

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

6.3CVSS5.5AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41673

A flaw was found in the xmldom library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service DoS by causing the application to crash due to excessive...

8.7CVSS5.1AI score0.00643EPSS
Exploits0References15
OSV
OSV
added 2026/06/05 5:40 a.m.6 views

BIT-AIRFLOW-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
Wordfence Blog
Wordfence Blog
added 2026/06/04 9:5 p.m.43 views

Quarterly WordPress Threat Intelligence Report – Q1 2026

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/04 3:16 p.m.11 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 2:38 p.m.8 views

Uncontrolled Recursion

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Uncontrolled Recursion in the determinedepth function when processing GraphQL queries containing circular fragment references. An attacker can exhaust server CPU resources and...

6.9CVSS5.5AI score0.00296EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:38 p.m.6 views

GHSA-QFWV-87QJ-98XQ Strawberry GraphQL has a Circular Fragment Reference DOS

Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/04 2:38 p.m.17 views

Strawberry GraphQL has a Circular Fragment Reference DOS

Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/06/04 2:25 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the GraphQL API Endpoint that lacks depth limiting and complexity analysis for SQL queries. An attacker can cause excessive resource consumption by sending specially crafted reques...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:6 p.m.6 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 2:6 p.m.9 views

CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/04 2:6 p.m.36 views

CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS0.00296EPSS
Exploits1References2
CVE
CVE
added 2026/06/04 2:6 p.m.21 views

CVE-2026-47706

The CVE affects Strawberry GraphQL versions 0.71.0–0.315.6, where the QueryDepthLimiter lacks cycle detection in fragment spreads, causing infinite recursion and an application-level DOS (RecursionError) during validation. The issue is fixed in 0.315.7. Remediation: upgrade to 0.315.7 or later. T...

5.3CVSS5.8AI score0.00296EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/04 6:16 a.m.11 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 6:16 a.m.4 views

ALPINE-CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder