Lucene search
K

102 matches found

OSV
OSV
added 2026/05/03 9:58 a.m.7 views

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
OSV
OSV
added 2026/05/03 9:57 a.m.9 views

OESA-2026-2192 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 10:46 a.m.10 views

Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance

Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...

7.5CVSS5.8AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 11:54 a.m.7 views

Security Bulletin: Vulnerability in platform-python affects IBM Netezza Appliance

Summary The platform-python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-13836 DESCRIPTION: When reading an HTTP response from a server, if no read amount is specified, the default behavior wi...

7.5CVSS5.8AI score0.01525EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:21 p.m.25 views

CVE-2026-35405 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts...

7.5CVSS0.00395EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/01 9:47 p.m.6 views

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

Summary For some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. Impact If an application uses Request.post an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...

6.9CVSS5.9AI score0.00384EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:35 p.m.13 views

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.7AI score0.00449EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:34 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

7.5CVSS7.4AI score0.01099EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/03/18 4:17 a.m.5 views

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

7.5CVSS0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/04 6:35 p.m.33 views

CVE-2026-20021

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service DoS condition. Thi...

4.3CVSS0.00213EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/24 4:4 p.m.10 views

nats-server websockets are vulnerable to pre-auth memory DoS

Impact The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...

7.5CVSS5.6AI score0.00478EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2026/02/11 10:29 a.m.6 views

USN-8023-1 libxmltok vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. CVE-2026-24515 It was discovered that Expat, contained within the xmltok library,...

7.8CVSS6.9AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 9:21 p.m.3 views

CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...

3.7CVSS5.3AI score0.00488EPSS
Exploits0References3
Amazon
Amazon
added 2026/01/07 12:0 a.m.6 views

Medium: python3.12

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When reading an HTTP response from a server, i...

7.5CVSS6.9AI score0.01525EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: activemq (UTSA-2025-993345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993345 advisory. Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly...

7.5CVSS6.8AI score0.08453EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 9:53 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Axios (CVE-2025-58754)

Summary A vulnerability in Axios that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

7.5CVSS6.4AI score0.01099EPSS
Exploits1Affected Software1
CVE
CVE
added 2025/10/10 7:22 p.m.46 views

CVE-2025-61919

CVE-2025-61919 : Rack’s Rack::Request#POST reads the entire body into memory for application/x-www-form-urlencoded and can cause DoS via memory exhaustion in affected versions prior to 2.2.20, 3.1.18, and 3.2.3. The fix enforces form parameter limits (query_parser.bytesize_limit) and prevents unb...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:58 p.m.12 views

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

7.5CVSS6.7AI score0.64718EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7348

Malware in sbrugna...

6.5CVSS7.3AI score0.00399EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0902

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.0077EPSS
Exploits0References3
Rows per page
Query Builder