
185 matches found

OSV
added 2025/10/06 8:15 a.m., 4 views

DEBIAN-CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes (0x100000), for example 0x101000 bytes, then at 0 we ha...

CVSS 5.7, AI score 7, EPSS 0.00146
Exploits 0, References 1
Debian CVE
added 2025/10/06 8:8 a.m., 8 views

CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes (0x100000), for example 0x101000 bytes, then at 0 we ha...

CVSS 5.7, AI score 5.6, EPSS 0.00146
Exploits 0
OSV
added 2025/10/04 12:11 a.m., 4 views

RLSA-2025:9106 Moderate: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)...

CVSS 5.4, AI score 7.5, EPSS 0.00724
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-3877

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.8, EPSS 0.02813
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-29022

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00424
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-30836

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.6, EPSS 0.00159
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-1755

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00822
Exploits 0, References 7
Vulnrichment
added 2025/09/22 6:2 p.m., 2 views

CVE-2025-59418 BunnyPad Vulnerable to Buffer Overflow When Opening Files of Size 20MB or Greater

BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB...

CVSS 5.5, AI score 6.9, EPSS 0.00159
Exploits 0, References 2
OSV
added 2025/09/22 6:2 p.m., 5 views

CVE-2025-59418 BunnyPad Vulnerable to Buffer Overflow When Opening Files of Size 20MB or Greater

BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB...

CVSS 5.5, AI score 7.3, EPSS 0.00159
Exploits 0, References 4
CNNVD
added 2025/09/22 12:0 a.m., 2 views

BunnyPad security vulnerability

BunnyPad is an open-source notepad application by GSYT Productions. A security vulnerability exists in BunnyPad versions prior to 11.0.27000.0915, which originates from a buffer overflow that occurs when opening a file greater than or equal to 20MB...

CVSS 5.5, AI score 7.1, EPSS 0.00159
Exploits 0, References 3
CNNVD
added 2025/09/12 12:0 a.m., 4 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...

CVSS 6.5, AI score 6.3, EPSS 0.00424
Exploits 0, References 5
Tenable Nessus
added 2025/09/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-8782

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is...

CVSS 6.5, AI score 6.7, EPSS 0.0146
Exploits 1, References 2
IBM Security Bulletins
added 2025/08/28 7:21 a.m., 7 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary: Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2. Vulnerability Details: CVEID: CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versio...

CVSS 8.2, AI score 8.4, EPSS 0.00846
Exploits 3, Affected Software 2
Packet Storm
added 2025/08/19 12:0 a.m., 116 views

nopCommerce 4.10 / 4.80.3 Resource Exhaustion

nopCommerce versions 4.10 and 4.80.3 are vulnerable to resource exhaustion vulnerabilities. nopCommerce is vulnerable to Insufficient Resource Allocation Limits when handling large Excel file imports. Although the application provides a warning message recommending that users avoid importing more...

AI score 7.3
Exploits 0
RedHat Linux
added 2025/08/01 5:42 p.m., 3 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

CVSS 5.5, AI score 7.3, EPSS 0.00408
Exploits 1, References 6
OSV
added 2025/07/21 8:15 p.m., 2 views

DEBIAN-CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

CVSS 5.3, AI score 5.6, EPSS 0.00526
Exploits 0, References 1
OSV
added 2025/07/21 8:15 p.m., 2 views

UBUNTU-CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

CVSS 5.3, AI score 5.8, EPSS 0.00526
Exploits 0, References 6
Cvelist
added 2025/07/21 8:6 p.m., 10 views

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

CVSS 5.3, EPSS 0.00526
Exploits 0, References 4
Github Security Blog
added 2025/07/21 7:34 p.m., 10 views

Starlette has possible denial-of-service vector when parsing large files in multipart forms

Summary: When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details: Please see this discussion for details:...

CVSS 5.3, AI score 7.2, EPSS 0.00526
Exploits 0, References 6, Affected Software 1
OSV
added 2025/07/21 7:34 p.m., 8 views

GHSA-2C2J-9GV5-CJ73 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Summary: When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details: Please see this discussion for details:...

CVSS 5.3, AI score 6.8, EPSS 0.00526
Exploits 0, References 6