Lucene search
K

140 matches found

Vulnrichment
Vulnrichment
added 2025/12/05 4:2 p.m.2 views

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.3AI score0.00633EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 4:2 p.m.22 views

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS0.00633EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 7:15 p.m.5 views

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

6.9CVSS0.00342EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/12 5:44 p.m.2 views

Denial of Service (DoS)

Overview github.com/dvsekhvalnov/jose2go is a Pure Golang GO library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service DoS via the processing of crafted JSON Web Encrypti...

8.7CVSS6.7AI score0.00236EPSS
Exploits1References2
Veracode
Veracode
added 2025/11/10 6:49 a.m.10 views

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

7.5CVSS6.4AI score0.00535EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2025/11/04 7:51 p.m.5 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/09 6:30 p.m.5 views

EUVD-2025-33402

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When memory utilization is high, and specific...

8.2CVSS6.4AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 4:15 p.m.7 views

CVE-2025-52960

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When memory utilization is high, and specific...

8.2CVSS5.8AI score0.00309EPSS
Exploits0References2
CVE
CVE
added 2025/10/09 3:40 p.m.30 views

CVE-2025-52960

CVE-2025-52960 affects Juniper Networks Junos OS on SRX Series and MX Series, caused by a Buffer Copy without Checking Size in the SIP ALG (flowd/mspmand). The underlying issue occurs when memory utilization is high and specific SIP packets arrive, crashing the flowd process and causing a DoS; th...

8.2CVSS6.2AI score0.00309EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-13021

Malware in sbrugna...

6.5CVSS7.4AI score0.03099EPSS
Exploits1References13
OSV
OSV
added 2025/10/05 11:44 p.m.5 views

BIT-MONGODB-2025-6712 MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

6.5CVSS6.9AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 7:36 p.m.54 views

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

7.5CVSS0.00697EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/24 6:48 a.m.7 views

Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage

Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters...

7.5CVSS6.9AI score0.00436EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/07/07 3:15 p.m.3 views

UBUNTU-CVE-2025-6712

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

6.5CVSS5.7AI score0.00276EPSS
Exploits0References3
MongoDB
MongoDB
added 2025/07/07 2:45 p.m.10 views

MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

6.5CVSS7AI score0.00276EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/05/03 2:49 a.m.3 views

SUSE CVE-2023-53144

In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted...

5.5CVSS6.6AI score0.00152EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/02 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from erofs incorrectly unmapping pages when using LZMA on the HIGHMEM platform, which could lead to a null pointe...

5.5CVSS5.1AI score0.00152EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/04/25 12:0 a.m.13 views

Erlang/OTP (Erlang OTP) DoS Vulnerability (Mar 2025) - Linux

Erlang/OTP Erlang OTP is prone to a denial of service DoS vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

7.5CVSS7.4AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/30 3:30 p.m.23 views

CVE-2025-30211

A flaw was found in Erlang/OTP. This vulnerability allows an attacker to cause high memory consumption via a maliciously crafted KEX init message that exceeds RFC-specified limits on algorithm names...

7.5CVSS7.2AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2025/03/28 2:55 p.m.24 views

CVE-2025-30211 KEX init error results with excessive memory usage

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...

7.5CVSS7.4AI score0.00436EPSS
Exploits0References4
Rows per page
Query Builder