UBUNTU-CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

EUVD-2025-201421

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function

When an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2024-28182)

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

Denial of Service (DoS)

Overview github.com/dvsekhvalnov/jose2go is a Pure Golang GO library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service DoS via the processing of crafted JSON Web Encrypti...

Bugsink 安全漏洞

Bugsink is a self-hosted bug tracking software from Bugsink Open Source. A security vulnerability exists in Bugsink versions prior to 2.0.6, which stems from a specially crafted Brotli compressed envelope that may lead to excessive CPU time consumption, possibly resulting in a denial of service...

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

BIT-GOLANG-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

EUVD-2019-10275

Malware in sbrugna...

EUVD-2018-0885

Malware in sbrugna...

EUVD-2019-0808

Malware in sbrugna...

EUVD-2021-26263

Malware in sbrugna...

EUVD-2019-10514

Malware in sbrugna...

EUVD-2017-5842

Malware in sbrugna...

EUVD-2021-18717

Malware in sbrugna...

EUVD-2020-24446

Malware in sbrugna...

EUVD-2017-12050

Malware in sbrugna...