CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

75 matches found

EUVD-2026-36128

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS5.5AI score

Exploits0References5

NVD•added yesterday•4 views

CVE-2026-10143

8.7CVSS

Exploits0References4

CVE•added yesterday•4 views

CVE-2026-10143

CVE-2026-10143 affects kafka-python prior to 2.3.2. The denial‑of‑service arises from ScramClient.process_server_first_message() passing the broker‑provided SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation in scram.py. This can freeze the client event loop, blocking prod...

8.7CVSS5.5AI score

Exploits0References4

Cvelist•added yesterday•13 views

CVE-2026-10143 kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

8.7CVSS

Exploits0References4

Debian CVE•added yesterday•3 views

CVE-2026-10143

8.7CVSS5.5AI score

Exploits0

Positive Technologies•added yesterday•3 views

PT-2026-48531

8.7CVSS5.5AI score

Exploits0References5

EUVD•added 2 days ago•4 views

EUVD-2026-35422

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00073EPSS

Exploits0References3

Tenable Nessus•added 2 days ago•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-11790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored...

4.9CVSS5.5AI score0.00073EPSS

Exploits0References3

OSV•added 2026/05/22 1:22 p.m.•2 views

OESA-2026-2446 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is an open...

7.5CVSS5.7AI score0.00043EPSS

Exploits0References2

RedhatCVE•added 2026/05/15 4:8 p.m.•21 views

CVE-2026-42256

A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol IMAP client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256 authentication by...

6.5CVSS5.7AI score0.0005EPSS

Exploits0References10

NVD•added 2026/05/09 8:16 p.m.•7 views

CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS0.0005EPSS

Exploits0References7

UbuntuCve•added 2026/05/09 8:16 p.m.•6 views

CVE-2026-42256

6.5CVSS5.7AI score0.0005EPSS

Exploits0References8

CVE•added 2026/05/09 7:38 p.m.•9 views

CVE-2026-42256

Net::IMAP (Ruby) is affected by a Denial of Service when authenticating with SCRAM-SHA1/SCRAM-SHA256 if a hostile server sends a very high iteration count. Affected versions: 0.4.0–0.4.23, 0.5.0–0.5.13, 0.6.0–0.0.6. Wait that seems wrong: fix lists are 0.4.24, 0.5.14, 0.6.4. Corrected: Affected r...

6.5CVSS5.7AI score0.0005EPSS

Exploits0References7Affected Software1

EUVD•added 2026/05/09 7:38 p.m.•5 views

EUVD-2026-28925

6CVSS5.7AI score0.0005EPSS

Exploits0References7

Vulnrichment•added 2026/05/09 7:38 p.m.•7 views

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

6CVSS5.7AI score0.0005EPSS

Exploits0References7

ATTACKERKB•added 2026/05/09 7:38 p.m.•6 views

CVE-2026-42256

6CVSS5.7AI score0.0005EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/05/09 7:38 p.m.•28 views

CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication

6CVSS0.0005EPSS

Exploits0References7

EUVD•added 2026/05/05 8:9 p.m.•1 views

EUVD-2026-26247

pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...

7.5CVSS5.8AI score0.00043EPSS

Exploits0References3

OSV•added 2026/04/29 8:51 a.m.•3 views

CLSA-2026-1777452704 bind: Fix of CVE-2026-1519

CVE-2026-1519: limit NSEC3 iteration count when proving an insecure delegation so a maliciously crafted DNSSEC zone with a high-iteration NSEC3 record cannot exhaust resolver CPU; treat the answer as insecure above the 150-iteration limit. Backport of bind-9.11.36-16.el810.7 RHSA-2026:8352...

7.5CVSS6AI score0.00061EPSS

Exploits0References1

Packet Storm•added 2026/03/06 12:0 a.m.•153 views

📄 joserfc JWE PBES2 1.6.2 Denial of Service

A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...

7.5CVSS5.8AI score0.00048EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by