Lucene search
K

1913 matches found

OSV
OSV
added 2026/06/18 2:28 p.m.6 views

GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches This has been fixed in pypdf==6.13.3. Workarounds If you cannot upgrade yet,...

6.9CVSS5.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.8 views

pypdf: Possible large memory usage for form XObjects during text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/16 1:45 p.m.13 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

6.9CVSS5.1AI score0.0013EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49730

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes excessive memory consumption. This occurs when extracting text from a page containing a form XObject a reusable PDF...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/06/15 8:19 p.m.7 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:13 p.m.3 views

GHSA-94RC-8X27-4472 protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49588

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the asynchronous HTTP client/server framework where an attacker can send large incomplete websocket frame payloads. This allows the attacker to bypass standard memory use size...

8.7CVSS5.9AI score0.00305EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/06/12 9:51 p.m.14 views

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

6.5CVSS5.3AI score0.00484EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/06/12 6:29 p.m.11 views

EUVD-2026-32914

pypdf: Possible large memory usage for large offsets for layout mode text...

5.5CVSS5.1AI score0.00127EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 6:29 p.m.12 views

pypdf: Possible large memory usage for large offsets for layout mode text

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to immediately upgrade, they should...

5.5CVSS5.1AI score0.00127EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/12 6:29 p.m.37 views

GHSA-CJ93-CHG6-VGV8 pypdf: Possible large memory usage for large offsets for layout mode text

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to immediately upgrade, they should...

4.8CVSS5.2AI score0.00127EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.10 views

CVE-2026-42570

A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...

7.5CVSS5.4AI score0.00384EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.9 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS7AI score0.00643EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/09 4:12 p.m.12 views

EUVD-2026-35500

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS5.3AI score0.00384EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 4:12 p.m.9 views

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS5.3AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

devalue 安全漏洞

devalue is an enhanced JavaScript object serialization library developed by Svelte. Versions of devalue from 5.6.3 to 5.8.1 contained a security vulnerability. This vulnerability stemmed from excessive memory allocation during the deserialization of sparse arrays, which could lead to excessive...

7.5CVSS5.4AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-46098

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

8.1CVSS5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Fedora 43 : dovecot (2026-693373747f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-693373747f advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

9.1CVSS5.8AI score0.00667EPSS
Exploits1References7
OSV
OSV
added 2026/06/02 12:0 a.m.8 views

ALSA-2026:22528 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References4
Rows per page
Query Builder