urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-66471)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66471 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior t...

MiracleLinux 9 : dnsmasq-2.85-14.el9_3.1 (AXSA:2024-7618:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7618:01 advisory. dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can...

MiracleLinux 8 : dotnet5.0-5.0.214-1.el8.ML.1 (AXSA:2022-3728:11)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3728:11 advisory. dotnet: excess memory allocation via HttpClient causes DoS CVE-2022-23267 dotnet: malicious content causes high CPU and memory usage CVE-2022-29117...

MiracleLinux 8 : dotnet3.1-3.1.419-1.el8.ML.1 (AXSA:2022-3727:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3727:07 advisory. dotnet: excess memory allocation via HttpClient causes DoS CVE-2022-23267 dotnet: malicious content causes high CPU and memory usage CVE-2022-29117...

MiracleLinux 9 : dotnet6.0-6.0.105-1.el9.ML.1 (AXSA:2022-3976:14)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3976:14 advisory. dotnet: excess memory allocation via HttpClient causes DoS CVE-2022-23267 dotnet: malicious content causes high CPU and memory usage CVE-2022-29117...

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

Juniper Junos OS Evolved security vulnerabilities

Juniper Junos OS Evolved is a network operating system developed by the Juniper company. Vulnerabilities exist in versions of Juniper Junos OS Evolved prior to 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, and 23.4R2-EVO. These vulnerabilities stem from...

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

EUVD-2026-2010

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...

PT-2025-52725

Name of the Vulnerable Software and Affected Versions Marshmallow versions 3.0.0rc1 through 3.26.1 Marshmallow versions 4.0.0 through 4.1.1 Description Marshmallow, a library for converting complex objects to and from simple Python datatypes, contains a flaw in the Schema.loaddata, many=True...

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

Linux Distros Unpatched Vulnerability : CVE-2025-68211

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksm: use range-walk function to jump over holes in scangetnextrmapitem Currently, scangetnextrmapitem walks every page address in a VMA to locate mergeable...

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess cpu usage and given sufficiently large input this can affect program performance...

CVE-2025-42873

SAPUI5 (and OpenUI5) packages include the markdown-it component with outdated third‑party libraries, enabling an infinite loop on specially malformed input. This DoS causes high CPU use and unresponsiveness by blocking the processing thread, with no confidentiality or integrity impact reported. N...

SUSE CVE-2025-66453

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

ALPINE-CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...