Lucene search
K

1912 matches found

CVE
CVE
added 2026/05/28 2:49 p.m.38 views

CVE-2026-48735

The CVE affects the Python PDF library pypdf prior to version 6.12.1, where parsing large XMP metadata can cause excessive memory usage. Root cause is processing crafted or verbose XMP metadata that expands memory footprint. Impact stated: high impact on availability due to memory exhaustion; con...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 2:49 p.m.40 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:49 p.m.12 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 2:49 p.m.10 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44392

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that causes excessive memory consumption. This occurs when extracting text in layout mode using large character offsets...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44399

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1 Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations Update to version...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

pypdf 资源管理错误漏洞

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.12.0, pypdf had a resource management vulnerability caused by the use of large character offsets when extracting text in layout...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/05/27 2:20 p.m.10 views

Security update for yq

This update for yq fixes the following issues CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML...

7.5CVSS6.8AI score0.00781EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.9 views

CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References4
OSV
OSV
added 2026/05/22 5:27 p.m.5 views

GHSA-7M8F-HGJQ-8GC9 aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler

Vulnerability Description In aiosend/webhook/base.py, the WebhookHandler.feedupdate method performs full deserialization of the incoming JSON via Pydantic before verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and memory, and on...

7.5CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/22 5:27 p.m.15 views

aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler

Vulnerability Description In aiosend/webhook/base.py, the WebhookHandler.feedupdate method performs full deserialization of the incoming JSON via Pydantic before verifying the HMAC signature. Anyone can send a request with an arbitrary body — the server will parse it, spend CPU and memory, and on...

6AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/21 9:23 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the IntlExtension process. An attacker can cause excessive memory consumption by supplying a large number of unique arguments to the formatdatetime, formatdate, formattime,...

6.9CVSS5.8AI score0.00056EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 1:36 p.m.12 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/20 11:27 a.m.11 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in pillow

In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICNS container. As a result, a memory allocation attempt can be quite large...

7.5CVSS6.8AI score0.04851EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net:mctp: Fix for device leak on probe failure The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to hold additional references unless tho...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Netty

The Snappy frame decoder function does not limit the chunk length, which can lead to excessive memory usage. In addition, it may also buffer reserved skipable chunks until the entire chunk is received, which can also result in excessive memory usage. This vulnerability can be exploited by providi...

7.5CVSS6.9AI score0.0628EPSS
Exploits0References1
Redos
Redos
added 2026/05/20 12:0 a.m.14 views

ROS-20260520-73-0036

A vulnerability in the Dawn component of Google Chrome browser is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechanism using a specially crafted HTML page...

8.8CVSS5.8AI score0.00359EPSS
Exploits0
Redos
Redos
added 2026/05/20 12:0 a.m.10 views

ROS-20260520-73-0056

Vulnerability in chromium related to memory usage after its release. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

9.6CVSS6.2AI score0.00248EPSS
Exploits0
Redos
Redos
added 2026/05/20 12:0 a.m.12 views

ROS-20260520-73-0038

A vulnerability in the WebGPU component of the Google Chrome browser is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

8.8CVSS6.2AI score0.00397EPSS
Exploits0
Rows per page
Query Builder