
827 matches found

EUVD
added 14 hours ago, 4 views

EUVD-2026-40421

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 4

CVE
added yesterday, 6 views

CVE-2026-50254

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 3

Tenable Nessus
added 4 days ago, 4 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...

CVSS 9.8, AI score 7.5, EPSS 0.0156
Exploits: 3, References: 58

OSV
added 5 days ago, 3 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

CVSS 9.8, AI score 6.6, EPSS 0.0156
Exploits: 3, References: 39

EUVD
added 6 days ago, 9 views

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

CVSS 6.5, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 6

OSV
added 6 days ago, 2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

CVSS 9.8, AI score 6, EPSS 0.0156
Exploits: 3, References: 43

Tenable Nessus
added 2026/06/24 12:0 a.m., 9 views

Node.js Module Undici 8.1.x < 8.5.0 DoS (CVE-2026-9675)

The nodejs module Undici detected on the host is version 8.1.x prior to 8.5.0. It is, therefore, affected by a denial of service vulnerability: - The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious...

CVSS 7.5, AI score 6.4, EPSS 0.00426
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/24 12:0 a.m., 17 views

Node.js Module Undici 6.17.x < 6.27.0 / 7.x < 7.28.0 / 8.x < 8.5.0 DoS (CVE-2026-12151)

The nodejs module Undici detected on the host is version 6.17.x prior to 6.27.0, 7.x prior to 7.28.0, or 8.x prior to 8.5.0. It is, therefore, affected by a denial of service vulnerability: - The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a messag...

CVSS 7.5, AI score 7.1, EPSS 0.0057
Exploits: 0, References: 2

RedHat Linux
added 2026/06/22 3:18 p.m., 7 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS). The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

CVSS 7.5, AI score 5.8, EPSS 0.04409
Exploits: 1, References: 5

RedHat Linux
added 2026/06/22 3:13 p.m., 5 views

httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

CVSS 7.5, AI score 5.9, EPSS 0.11471
Exploits: 7, References: 6

AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in libsoup2.4

GNOME libsoup before version 3.6.1 has an infinite loop and consumes a large amount of memory during the reading of certain patterns of WebSocket data from clients...

CVSS 7.5, AI score 7.1, EPSS 0.00933
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in golang-golang-x-net

An attacker can cause excessive memory usage in a Go server that accepts HTTP/2 requests. HTTP/2 server connections include a cache of HTTP header keys sent by the client. Although the total number of entries in this cache is limited, an attacker who sends very large keys can cause the server to...

CVSS 5.3, AI score 7.2, EPSS 0.05623
Exploits: 0, References: 2

Cvelist
added 2026/06/18 3:49 p.m., 17 views

CVE-2026-55205 Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...

CVSS 6.9, EPSS 0.00301
Exploits: 0, References: 5

Snyk
added 2026/06/17 6:22 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and...

CVSS 8.7, AI score 5.9, EPSS 0.0057
Exploits: 0, References: 2

Snyk
added 2026/06/17 6:21 p.m., 8 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and...

CVSS 8.7, AI score 6.5, EPSS 0.00426
Exploits: 0, References: 2

RedhatCVE
added 2026/06/15 8:35 a.m., 7 views

CVE-2026-46340

A flaw was found in netty-transport-sctp. A remote attacker can exploit this vulnerability by sending specially crafted, non-complete Stream Control Transmission Protocol (SCTP) message fragments. This can lead to unbounded memory growth within the application, causing a Denial of Service (DoS)...

CVSS 7.5, AI score 5.1, EPSS 0.00371
Exploits: 0, References: 6

Microsoft CVE
added 2026/06/13 8:2 a.m., 5 views

Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

...

CVSS 7.5, AI score 5.8, EPSS 0.00511
Exploits: 0

OSV
added 2026/06/13 12:5 a.m., 10 views

RLSA-2026:25237 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

CVSS 9.1, AI score 5.8, EPSS 0.02719
Exploits: 0, References: 16

OSV
added 2026/06/13 12:3 a.m., 20 views

RLSA-2026:25239 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

CVSS 9.1, AI score 5.8, EPSS 0.02719
Exploits: 0, References: 16

OSV
added 2026/06/12 3:16 p.m., 3 views

UBUNTU-CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf)), wrapping t...

CVSS 7.5, AI score 5.5, EPSS 0.00371
Exploits: 0, References: 5