Lucene search
K

29 matches found

OSV
OSV
added 2026/06/11 12:37 a.m.8 views

CLEANSTART-2026-KN74022 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

Security vulnerability affects the local-static-provisioner-fips package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

9.8CVSS5.5AI score0.0056EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the addRepeatIntervalToTime function, which used an On loop to handle repetitive tasks. This could lead to billion...

6.5CVSS5.8AI score0.00347EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.3 views

SUSE SLES12 Security Update : bind (SUSE-SU-2026:1229-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1229-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the preceding...

7.5CVSS5.9AI score0.01545EPSS
Exploits0References4
RubySec
RubySec
added 2026/03/25 12:0 a.m.6 views

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage’s proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2026-1409)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

8.9CVSS6.5AI score0.02667EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/09 4:44 p.m.1 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the DWARF parsing process. An attacker can cause the application to enter an infinite output loop by providing a specially crafted binary with malformed DWARF loclists data, resulting in excessive CPU and I/O...

6.2CVSS5.8AI score0.00152EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.5 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability that stems from excessive CPU and memory consumption when processing specially crafted malicious certificates, whi...

5.3CVSS7.1AI score0.00638EPSS
Exploits1References3
OSV
OSV
added 2026/02/06 3:54 p.m.8 views

OESA-2026-1286 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS7.6AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2026/01/13 9:55 p.m.4 views

GHSA-MQ3P-RRMP-79JG go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message

Impact An attacker can cause high CPU usage by sending a specially crafted p2p message. More details to be released later. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @Yenya030...

7.1CVSS6.7AI score0.00569EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/12/15 12:0 a.m.2 views

openSUSE Security Advisory (SUSE-SU-2025:4390-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/03 7:31 p.m.1 views

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

6.9CVSS6.3AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/03 7:31 p.m.3 views

EUVD-2025-201013

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

6.9CVSS6.1AI score0.00235EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/29 9:51 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The Reader.ReadResponse function constructs a response string through repeated string...

6.9CVSS6.9AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2025/08/26 4:19 p.m.7 views

GHSA-8MVJ-3J78-4QMW jsPDF Denial of Service (DoS)

Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...

8.7CVSS6.7AI score0.00653EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.2 views

PT-2025-34787 · Jspdf · Jspdf

Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2 Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service...

8.7CVSS7.1AI score0.00653EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/06/20 12:0 a.m.2 views

PowSyBl 安全漏洞

PowSyBl is an open source framework from PowSyBl, Inc. dedicated to the modeling and simulation of power systems. A security vulnerability exists in PowSyBl versions prior to 6.7.2, which stems from a regular expression denial of service vulnerability in the DataSource mechanism that could lead t...

6.3CVSS6.2AI score0.0035EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/12/02 1:31 a.m.5 views

python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to Quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...

7.5CVSS5.8AI score0.01051EPSS
Exploits0References7
OSV
OSV
added 2024/10/11 9:15 p.m.2 views

DEBIAN-CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

7.5CVSS5.3AI score0.00569EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.7 views

Nghttp2 安全漏洞

Nghttp2 is a C library for HTTP/2 implementation from the Nghttp2 community. A security vulnerability exists in Nghttp2 versions prior to 1.61.0, which stems from reading an unlimited number of HTTP/2 CONTINUATION frames may result in excessive CPU utilization...

5.3CVSS7.1AI score0.8496EPSS
Exploits1References13
Snyk
Snyk
added 2023/10/10 6:31 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a flaw in the handling of certain data inputs. An attacker can cause a denial of service by sending specially crafted data to the application. Details Denial of Service DoS describes a family of attacks, all...

6.5CVSS7AI score0.02802EPSS
Exploits0References2
Rows per page
Query Builder