CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 hours ago•3 views

CVE-2026-11611

CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...

RedhatCVE•added 3 hours ago•3 views

CVE-2026-43973

A flaw was found in gun. A malicious server can exploit this uncontrolled resource consumption vulnerability by sending a partial HTTP/1.1 response that never completes. This causes the client's memory buffer to grow without bounds, leading to unbounded heap growth and potentially exhausting all...

8.7CVSS5.7AI score

Exploits0References2

ATTACKERKB•added 3 hours ago•2 views

CVE-2026-11611

EUVD•added 3 hours ago•2 views

EUVD-2026-35129

Positive Technologies•added 20 hours ago•3 views

PT-2026-47339

RedhatCVE•added 3 days ago•6 views

CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS5.5AI score0.00023EPSS

RedhatCVE•added 3 days ago•7 views

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6CVSS5.6AI score0.00062EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-35457

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

8.2CVSS5.5AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 6 days ago•7 views

CVE-2026-45292

A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high...

7.5CVSS5.8AI score0.00059EPSS

Exploits0References7

Tenable Nessus•added 6 days ago•5 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39827)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39827 advisory. - An authenticated SSH client that repeatedly opened channels which were rejected by the server...

6.5CVSS5.6AI score0.00023EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-45025

Impact DNSIncoming. log exception debug and the four QuietLogger exception-dedup methods stored an unbounded seen logs dict keyed by strsys.exc info1. The seven IncomingDecodeError messages raised from read name / decode labels at offset RFC 6762 §18 name-decoding error paths all embed self.sourc...

6.5CVSS5.8AI score

Exploits0References5

NVD•added 2026/05/28 9:16 p.m.•8 views

CVE-2026-42399

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...

6.5CVSS0.00047EPSS

EUVD•added 2026/05/28 7:44 p.m.•5 views

EUVD-2026-33031

6.5CVSS5.8AI score0.00047EPSS

CNNVD•added 2026/05/28 12:0 a.m.•6 views

OpenTelemetry 安全漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry prior to 1.62.0 contained a security vulnerability. This vulnerability stemmed from the parsing of excessively large baggage, leading to unlimited memory...

5.3CVSS5.8AI score0.00059EPSS

Tenable Nessus•added 2026/05/25 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-39827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server...

6.5CVSS5.8AI score0.00023EPSS

SUSE CVE•added 2026/05/23 1:29 a.m.•11 views

SUSE CVE-2026-39827

6.5CVSS5.8AI score0.00023EPSS

Snyk•added 2026/05/22 5:32 a.m.•8 views

Missing Release of Resource after Effective Lifetime

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...

7.1CVSS5.8AI score0.00023EPSS

Exploits0References2

Snyk•added 2026/05/22 5:32 a.m.•5 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...

7.1CVSS5.8AI score0.00023EPSS

Exploits0References2

NVD•added 2026/05/22 4:16 a.m.•9 views

CVE-2026-39827

6.5CVSS0.00023EPSS