Lucene search
K

1910 matches found

NVD
NVD
added 2026/05/19 7:16 a.m.35 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS0.00464EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:32 p.m.13 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27024 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to ...

6.9CVSS5.8AI score0.00168EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2026/05/16 5:25 a.m.15 views

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of excessively long passwords during authentication, which allows an attacker to consume excessive CPU and memory resources by submitting login attempts with multi-megabyte passwords...

7.5CVSS5.2AI score0.00263EPSS
Exploits0References3Affected Software2
Fedora
Fedora
added 2026/05/15 10:45 p.m.16 views

[SECURITY] Fedora 42 Update: nginx-1.30.1-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS6AI score0.61469EPSS
Exploits41
Fedora
Fedora
added 2026/05/15 9:9 p.m.17 views

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS6AI score0.61469EPSS
Exploits41
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.13 views

SUSE CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

5.3CVSS5.9AI score0.00455EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

7.5CVSS5.8AI score0.00686EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during...

8.9CVSS5.5AI score0.0068EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 8:16 p.m.8 views

UBUNTU-CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.12 views

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 5:16 p.m.13 views

CVE-2026-44577

Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...

7.5CVSS0.00657EPSS
Exploits1References5
PyPA
PyPA
added 2026/05/13 4:16 p.m.19 views

PYSEC-2026-142

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/13 4:16 p.m.8 views

CVE-2026-41227

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/13 1:20 p.m.13 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00643EPSS
Exploits1References8
OSV
OSV
added 2026/05/13 8:59 a.m.9 views

CLSA-2026-1778250399 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
CloudLinux
CloudLinux
added 2026/05/13 8:59 a.m.9 views

dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1
OSV
OSV
added 2026/05/13 4:17 a.m.4 views

UBUNTU-CVE-2026-8199

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

7.1CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.9 views

Denial of Service (DoS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of resource requests. An attacker can cause the application to become unresponsive by sending specially crafted requests that...

8.7CVSS5.8AI score0.15933EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.13 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS0.00454EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/12 2:17 p.m.12 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References2
Rows per page
Query Builder