Lucene search
K

5668 matches found

Snyk
Snyk
added 2026/03/26 10:9 p.m.5 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.6CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:9 p.m.5 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.6CVSS5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/03/26 8:30 p.m.9 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.5 views

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2026:0972-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0972-1 advisory. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption...

9.9CVSS7.1AI score0.16496EPSS
Exploits0References16
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 7:50 p.m.4 views

Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...

5.3CVSS6.7AI score0.00533EPSS
Exploits0Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.12 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/20 9:9 a.m.5 views

CVE-2026-33123 pypdf has inefficient decoding of array-based streams

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

5.1CVSS5.8AI score0.00349EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 12:44 p.m.2 views

GHSA-PP9R-XG4C-8J4X Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Summary Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely large payloads, leading to service crashes and...

8.7CVSS5.7AI score0.00437EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: grafana-pcp (UTSA-2026-006197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006197 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...

7.5CVSS7.1AI score0.01945EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/12 8:13 p.m.28 views

CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS0.00566EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/12 8:13 p.m.4 views

CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS7AI score0.00566EPSS
Exploits0
CVE
CVE
added 2026/03/12 8:13 p.m.38 views

CVE-2026-2581

Undici (deduplication interceptor) is affected by CVE-2026-2581: when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers, especially with large or chunked responses and concurrent identical requests, causing high m...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2026/03/09 12:0 a.m.1 views

SUSE: Security Advisory (SUSE-SU-2026:20578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.8AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 11:36 a.m.2 views

SUSE-SU-2026:0840-1 Security update for grpc

This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS bsc1214148...

7.5CVSS5.8AI score0.00412EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

NewStart CGSL MAIN 6.06 (SP) : chrony Multiple Vulnerabilities (NS-SA-2026-0009)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has chrony packages installed that are affected by multiple vulnerabilities: - chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers t...

8.1CVSS6.3AI score0.32288EPSS
Exploits4References21
RedHat Linux
RedHat Linux
added 2026/03/05 8:23 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/03/04 3:52 p.m.6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:8 p.m.16 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

8.4CVSS7.1AI score0.01418EPSS
Exploits6
OSV
OSV
added 2026/03/04 6:50 a.m.4 views

SUSE-SU-2026:20651-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: an invalid number of mechanisms may cause unbounded memory consumption bcs1253904...

5.3CVSS6.6AI score0.00533EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.2 views

SUSE SLED15: docker / docker-bash-completion / docker-buildx / etc (SUSE-SU-2026:0666-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0666-1 advisory. - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded...

5.3CVSS6.7AI score0.00533EPSS
Exploits0References4
Rows per page
Query Builder