CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•2 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS

RedhatCVE•added yesterday•4 views

CVE-2026-43973

A flaw was found in gun. A malicious server can exploit this uncontrolled resource consumption vulnerability by sending a partial HTTP/1.1 response that never completes. This causes the client's memory buffer to grow without bounds, leading to unbounded heap growth and potentially exhausting all...

8.7CVSS5.7AI score

Exploits0References2

ATTACKERKB•added yesterday•2 views

CVE-2026-11611

EUVD•added yesterday•3 views

EUVD-2026-35129

CVE•added yesterday•8 views

CVE-2026-11611

CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...

Cvelist•added yesterday•13 views

CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

6.5CVSS

Positive Technologies•added yesterday•0 views

PT-2026-47625

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

7.5CVSS

Exploits0References5

Positive Technologies•added yesterday•4 views

PT-2026-47339

Positive Technologies•added yesterday•1 views

PT-2026-47611

7.5CVSS

Exploits0References5

RedhatCVE•added 4 days ago•6 views

CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS5.5AI score0.00023EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6CVSS5.6AI score0.00062EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-35457

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

8.2CVSS5.5AI score0.00077EPSS

Exploits1References1

RedhatCVE•added last week•7 views

CVE-2026-45292

A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high...

7.5CVSS5.8AI score0.00059EPSS

Exploits0References7

Tenable Nessus•added 2026/06/02 12:0 a.m.•5 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39827)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39827 advisory. - An authenticated SSH client that repeatedly opened channels which were rejected by the server...

6.5CVSS5.6AI score0.00023EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-45025

Impact DNSIncoming. log exception debug and the four QuietLogger exception-dedup methods stored an unbounded seen logs dict keyed by strsys.exc info1. The seven IncomingDecodeError messages raised from read name / decode labels at offset RFC 6762 §18 name-decoding error paths all embed self.sourc...

6.5CVSS5.8AI score

Exploits0References5

NVD•added 2026/05/28 9:16 p.m.•8 views

CVE-2026-42399

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...

6.5CVSS0.00047EPSS

EUVD•added 2026/05/28 7:44 p.m.•5 views

EUVD-2026-33031

6.5CVSS5.8AI score0.00047EPSS

CNNVD•added 2026/05/28 12:0 a.m.•6 views

OpenTelemetry 安全漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry prior to 1.62.0 contained a security vulnerability. This vulnerability stemmed from the parsing of excessively large baggage, leading to unlimited memory...

5.3CVSS5.8AI score0.00059EPSS

Tenable Nessus•added 2026/05/25 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-39827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server...

6.5CVSS5.8AI score0.00023EPSS