Lucene search
K

5668 matches found

OSV
OSV
added 2026/04/18 8:46 a.m.7 views

BIT-PILLOW-2026-40192 Pillow is vulnerable to a FITS GZIP decompression bomb

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7CVSS5.7AI score0.00671EPSS
Exploits0References30
NVD
NVD
added 2026/04/15 11:16 p.m.8 views

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7CVSS0.00671EPSS
Exploits0References30
Debian CVE
Debian CVE
added 2026/04/15 10:53 p.m.11 views

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7CVSS5.3AI score0.00671EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References38
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:45 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-66019 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which...

8.7CVSS6.9AI score0.00313EPSS
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/10 11:36 a.m.4 views

Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References8
OSV
OSV
added 2026/04/10 1:3 a.m.7 views

CLEANSTART-2026-KL76732 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the gpu-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS6.7AI score0.00804EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 12:51 a.m.8 views

CLEANSTART-2026-AR20742 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00804EPSS
Exploits1References11
OSV
OSV
added 2026/04/09 12:0 a.m.10 views

ALSA-2026:7350 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...

9.8CVSS5.8AI score0.26356EPSS
Exploits1References38
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.8 views

RHEL 9 : nodejs:24 (RHSA-2026:7350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.3AI score0.26356EPSS
Exploits1References38
OSV
OSV
added 2026/04/07 2:58 p.m.8 views

GO-2026-4910 Maliciously crafted idx file can cause asymmetric memory consumption in github.com/go-git/go-git

Maliciously crafted idx file can cause asymmetric memory consumption in github.com/go-git/go-git...

5CVSS7.3AI score0.00147EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/07 1:8 p.m.9 views

XML Entity Expansion

fast-xml-parser is vulnerable to XML Entity Expansion. The vulnerability is due to missing enforcement of entity expansion limits for numeric and standard XML entities, which allows an attacker to supply crafted XML with excessive entity references to trigger high memory and CPU consumption leadi...

7.5CVSS5.9AI score0.00576EPSS
Exploits1References5Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/03 12:0 a.m.4 views

Security update for keybase-client (important)

openSUSE Security Update: Security update for keybase-client Announcement ID: openSUSE-SU-2026:0117-1 Rating: important References: 1253563 1253864 1254023 Cross-References: CVE-2025-47913 CVE-2025-47914 CVE-2025-58181 CVSS scores: CVE-2025-47913 SUSE: 8.7...

8.7CVSS6.8AI score0.00591EPSS
Exploits1References3
OSV
OSV
added 2026/04/01 9:16 p.m.2 views

DEBIAN-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.2AI score0.0044EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

TencentOS Server 3: osbuild-composer (TSSA-2026:0204)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

10CVSS6.9AI score0.01945EPSS
Exploits1References3
OSV
OSV
added 2026/03/30 5:17 p.m.13 views

GHSA-JHF3-XXHW-2WPP go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/29 3:30 p.m.3 views

EUVD-2026-17020

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket...

8.7CVSS5.9AI score0.00531EPSS
Exploits0References4
OSV
OSV
added 2026/03/29 3:30 p.m.4 views

GHSA-C447-W54G-F55J Duplicate Advisory: OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jq3f-vjww-8rq7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the...

8.7CVSS5.8AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2026/03/29 12:44 p.m.20 views

CVE-2026-32980

OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies prior to validating the x-telegram-bot-api-secret-token header, enabling unauthenticated attackers to exhaust server resources. Attack vectors involve POST requests to the webhook endpoint that can trigger memory consumpt...

8.7CVSS5.9AI score0.00531EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 12:26 p.m.5 views

SUSE-SU-2026:1118-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904...

9.9CVSS7AI score0.16496EPSS
Exploits0References9
Rows per page
Query Builder