Lucene search
K

425 matches found

OSV
OSV
added 4 days ago3 views

DEBIAN-CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

6.5CVSS6.1AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-61465 ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 8:16 p.m.8 views

CVE-2026-55575

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.33 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 7:32 p.m.8 views

CVE-2026-55575

LiquidJS (template engine for Shopify/GitHub Pages) has a vulnerability in the pop array filter prior to 10.27.1: the code path allocates a full clone of the input array with [...toArray(v)] without invoking this.context.memoryLimit.use(...), allowing a template render like {{ huge_array | pop }}...

8.2CVSS6AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 7:32 p.m.4 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS6.1AI score0.00384EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1860 Werkzeug possible resource exhaustion when parsing file data in forms

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting. The Request.maxcontentlength setting, as well as resource limits provided by deployment software and platforms,...

7.5CVSS6.7AI score0.01102EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38865

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.7AI score0.00173EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52997

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.5CVSS0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-52997 net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.5CVSS5.8AI score0.00173EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:29 p.m.9 views

CVE-2026-52997

The CVE-2026-52997 issue affects the Linux kernel’s net/sched sch_dualpi2 qdisc. The root cause was that dualpi2_change() could attempt to dequeue from the C-queue even when it was empty while packets resided in the L-queue, leading to a NULL skb dereference during limit/memlimit enforcement. The...

5.5CVSS5.7AI score0.00173EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.14 views

EUVD-2026-38726

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

5.7AI score0.00127EPSS
Exploits0References8
NVD
NVD
added 2026/06/17 11:17 p.m.14 views

CVE-2026-45357

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...

7.5CVSS0.00385EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 10:32 p.m.3 views

CVE-2026-45357 LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...

7.5CVSS5.9AI score0.00385EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/08 11:43 p.m.7 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the ReceivePackHandler via addthinpack/applydelta flows when handling crafted thin packs with attacker-controlled delta headers. An attacker can cause excessive memory allocation by...

6.8CVSS5.4AI score0.00188EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 11:43 p.m.17 views

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...

5.7CVSS5.5AI score0.00188EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.18 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.4AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS5.4AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 5:33 p.m.10 views

GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/27 5:33 p.m.15 views

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder