Lucene search
K

211 matches found

CVE
CVE
added yesterday14 views

CVE-2026-45756

Summary (CVE-2026-45756) : The Symfony JsonPath component allows attacker-controlled regular expressions in the match() and search() filters to be compiled directly into PCRE without length or backtracking limits, enabling catastrophic backtracking (ReDoS) and denial of service. Affected are Symf...

8.2CVSS6.1AI score0.00082EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1860 Werkzeug possible resource exhaustion when parsing file data in forms

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting. The Request.maxcontentlength setting, as well as resource limits provided by deployment software and platforms,...

7.5CVSS6.7AI score0.01102EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.6 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52890

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References19
NVD
NVD
added 2026/06/17 10:16 p.m.12 views

CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS0.00163EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:37 p.m.22 views

Security Bulletin: Vulnarability in jackson-core library (WS-2026-0003) affects Power HMC.

Summary The jackson-core library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined i...

5.5AI score
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/10 2:33 a.m.13 views

SUSE CVE-2026-9698

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a...

7.8CVSS5.9AI score0.00393EPSS
Exploits0References8
NVD
NVD
added 2026/06/05 11:16 p.m.12 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
PyPA
PyPA
added 2026/06/05 11:16 p.m.8 views

PYSEC-0000-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.2AI score0.00408EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/05 11:16 p.m.13 views

PYSEC-2026-215

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.1AI score0.00408EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 11:16 p.m.9 views

UBUNTU-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 10:6 p.m.35 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:6 p.m.11 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:6 p.m.46 views

CVE-2026-45409

CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/05 10:6 p.m.12 views

EUVD-2026-34921

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

7.5CVSS5.4AI score0.01386EPSS
Exploits1References1
OSV
OSV
added 2026/06/04 2:21 p.m.7 views

GHSA-777C-7FJR-54VF Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/01 5:5 p.m.12 views

CVE-2026-45545 Nextcloud: SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries,...

8.2CVSS6AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 5:5 p.m.36 views

CVE-2026-45545

Summary of CVE-2026-45545 (Nextcloud Tables SQL Injection) : An authenticated attacker with access to the Nextcloud Tables app could trigger a stored SQL injection that accepts arbitrary inputs up to 20 bytes and can break out of the length limit. This allows extraction or modification of databas...

8.2CVSS6AI score0.00318EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Added a length limitation for the ivrsacpihid command-line parameter. The acpiid buffer in the parseivrsacpihid function may overflow, because the string specifier in the fscan function lacks a width limitation. Found ...

5.8AI score0.00206EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in many qmi element information structures accounts for null-terminated strings with a length of MAXLEN + 1. If a string actually has a length o...

5.3AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder