Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 9:17 p.m.10 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:17 p.m.12 views

DEBIAN-CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:53 p.m.8 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 7:53 p.m.6 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51027

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20 Description An issue in the h.265 video codec implementation allows a crafted sequence of H.265 NAL units to cause the decoder context::read slice NAL function to attach slice headers to a finished picture...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-41726

A flaw was found in spring-kafka. When an application uses the DelegatingDeserializer, a malicious producer can exploit this vulnerability by sending records with unique, random spring.kafka.serialization.selector header values. This can cause the consumer's memory heap to grow without limits,...

6.5CVSS5.1AI score0.00289EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.14 views

EUVD-2026-35903

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.5AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 12:31 a.m.5 views

GHSA-XVFQ-4Q6Q-GXX7 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 12:16 a.m.11 views

CVE-2026-41726

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

VMware Spring for Apache Kafka 安全漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier of VMware Spring for Apache Kafka. The...

6.5CVSS5.3AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48322

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

6.5CVSS5.7AI score0.00289EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45682

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

5.5CVSS5.3AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

OpenTelemetry 安全漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry 1.15.0-beta.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the AzureVmMetaDataRequestor class, which reads response bodies...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 4:43 a.m.5 views

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

7.5CVSS5.7AI score0.00561EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 4:43 a.m.5 views

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Micronaut Framework 安全漏洞

Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions 4.7.0 to 4.10.16 of the Micronaut Framework contain security vulnerabilities. These vulnerabilities stem from the use of the DefaultHtmlErrorResponseBodyProvider class, whic...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/17 6:39 p.m.10 views

Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

7.5CVSS5.8AI score0.00561EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/03 7:32 p.m.5 views

EUVD-2025-206668

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory OOM denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. B...

6.3CVSS5.5AI score0.0054EPSS
Exploits0References4
OSV
OSV
added 2026/01/20 4:16 p.m.4 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

7.5CVSS5.8AI score0.00287EPSS
Exploits1References1
Rows per page
Query Builder