Lucene search
K

1923 matches found

OSV
OSV
added 2026/05/08 11:1 a.m.7 views

CLSA-2026-1778238067 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: fix excessive memory usage from many '' in IMAP commands...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.8 views

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38441

Name of the Vulnerable Software and Affected Versions ericmj decimal versions 0.1.0 through 2.x Description Uncontrolled Resource Consumption allows unauthenticated remote Denial of Service. The library does not bound the exponent on parsed input, meaning a decimal with an excessively large...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 8:58 p.m.18 views

CVE-2026-41483

OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/06 8:3 a.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview exifreader is a Library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 7:7 p.m.58 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00672EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 10:25 a.m.7 views

CLSA-2026-1777976700 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

CoreDNS 安全漏洞

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the DNS-over-QUIC server, where remote clients opened numerous QUIC streams and sent only 1 byte of data. This could lead to unlimited...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:37 p.m.12 views

Security Bulletin:urllib3 Unbounded Decompression Chain Enables Denial of Service

Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massiv...

8.9CVSS6.9AI score0.00633EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.5 views

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...

7.5CVSS5.8AI score0.0079EPSS
Exploits5References22
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.3 views

Wireshark 2.4.x < 2.4.7 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.7. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.7 advisory. - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was...

7.5CVSS7.5AI score0.03509EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2026/04/29 6:30 p.m.28 views

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

Summary OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle MitM to cause excessive memory allocation and possible process...

5.9CVSS5.5AI score0.00323EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/29 1:26 p.m.8 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/04/29 12:0 a.m.10 views

Prosody XMPP server advisory 2026-04-29

The Prosody team reports: Traffic patterns were discovered which can cause Prosody to consume excessive amounts of memory with much smaller amounts of incoming traffic. This traffic can be sent by unauthenticated connections. It was discovered that modproxy65’s access control was broken and...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 10:43 p.m.6 views

GHSA-63CW-R7XF-JMWR CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/28 10:43 p.m.10 views

CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.5AI score0.00672EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/28 11:53 a.m.11 views

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

7.5CVSS5.4AI score0.0079EPSS
Exploits5References15
Fedora
Fedora
added 2026/04/25 1:52 a.m.10 views

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

8.8CVSS8.6AI score0.21621EPSS
Exploits0
NVD
NVD
added 2026/04/24 3:16 a.m.8 views

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS0.00369EPSS
Exploits0References3
Rows per page
Query Builder