Lucene search
K

509 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-361 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

9.2CVSS6AI score0.00329EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/29 9:47 a.m.10 views

CVE-2026-54285

A flaw was found in the @opentelemetry/core component of the OpenTelemetry JavaScript Client. This vulnerability allows a remote attacker to trigger uncontrolled memory allocation by sending oversized baggage HTTP headers. The system's inability to enforce size limits during inbound baggage parsi...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:19 p.m.4 views

GHSA-JQC5-2P7Q-FQFC Hysteria: http large header with sniff cause server DoS

Summary Sending an excessively large header by an attacker could lead to a server-side DoS attack. Details The current sniff implementation does not explicitly specify the upper limit for HTTP headers. Attackers can continuously send excessively large headers without including \r\n\r\n, leading t...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field ...

7.5CVSS6.2AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.9 views

CVE-2026-52940

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

0.00154EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52940

In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...

5.7AI score0.00154EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51733

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the tun put user function declares a virtio net hdr v1 hash tunnel structure on the stack without initializing it to zero. For non-tunnel socket buffers skb, the...

6AI score0.00154EPSS
Exploits0References17
NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Issues in mpi3mrgetalltgtinfo have been fixed. The function mpi3mrgetalltgtinfo has four issues: 1. It calculates the valid entry length in alltgtinfo assuming that the header part of the struct mpi3mrdevicemapin...

7.8CVSS6AI score0.00141EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 6:29 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go [CVE-2026-35469]

Summary IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go, caused by a flaw in SPDY/3 frame parser that does not validate attacker-controlled counts and lengths before allocating memory CVE-2026-35469. Spdystream Go is used in our speech utilities...

8.7CVSS5.2AI score0.00656EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/17 6:18 p.m.20 views

CVE-2026-47774

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS0.00815EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/06/17 4:58 p.m.29 views

CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS0.00815EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:58 p.m.8 views

CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS5.8AI score0.00815EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.7 views

netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5.4AI score0.00302EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.7 views

netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5.4AI score0.00302EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/17 1:25 p.m.28 views

CVE-2026-54417 Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 8:46 p.m.9 views

EUVD-2026-36471

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature...

6.9CVSS5.2AI score0.00302EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/15 5:19 p.m.6 views

Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.11 views

CVE-2026-50560

A flaw was found in Netty, a network application framework. A remote attacker can exploit a vulnerability in the HTTP/2 Hypertext Transfer Protocol version 2 maximum header size handling. By sending a specific SETTINGSMAXHEADERLISTSIZE setting, an attacker can cause Netty to produce an exception...

6.9CVSS5AI score0.00302EPSS
Exploits0References7
Rows per page
Query Builder