Lucene search
+L

63 matches found

euvd
euvd
added 6 days ago7 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
osv
osv
added 6 days ago3 views

CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References4
snyk
snyk
added 2026/07/02 10:17 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the ParseObjectContext and parseArray functions due to recursive parsing of nested PDF objects without enforcing a maximum nesting depth. An attacker can cause resource exhaustion and application unavailability...

8.7CVSS6AI score0.00451EPSS
Exploits0References2
cve
cve
added 2026/07/02 12:0 a.m.14 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00451EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/02 12:0 a.m.5 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

5.8AI score0.00451EPSS
Exploits0References4
osv
osv
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

7.5CVSS5.9AI score0.00451EPSS
Exploits0References5
euvd
euvd
added 2026/06/17 6:12 p.m.52 views

EUVD-2026-36726

Multer vulnerable to Denial of Service via deeply nested field names...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
nvd
nvd
added 2026/06/15 6:16 p.m.17 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS0.00139EPSS
Exploits0References6
euvd
euvd
added 2026/06/15 4:23 p.m.11 views

EUVD-2026-36739

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 4:23 p.m.10 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References1
cve
cve
added 2026/06/15 4:23 p.m.30 views

CVE-2026-8357

CVE-2026-8357 affects LibreOffice Calc. A heap buffer overflow occurs when compiling very long formulas with many opening tokens: the nesting-depth tracking array was allocated too small for the worst case, causing writes past the end. In fixed versions the array is sized to hold the largest poss...

7.8CVSS5.6AI score0.00139EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/15 4:23 p.m.43 views

CVE-2026-8357 Heap buffer overflow in Calc formula compilation

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS0.00139EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 2:16 p.m.13 views

CVE-2026-5079

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/15 1:56 p.m.43 views

CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.27 views

PT-2026-49233

Name of the Vulnerable Software and Affected Versions multer versions 1.0.0 through 2.1.1 multer version 3.0.0-alpha.1 Description A Denial of Service issue exists due to the way the append-field dependency parses bracket notation in field names within multipart form data. Because there is no lim...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References9
nessus
nessus
added 2026/06/15 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-8357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening...

7.8CVSS7.1AI score0.00139EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49267

Name of the Vulnerable Software and Affected Versions LibreOffice Calc affected versions not specified Description A heap buffer overflow occurs during the compilation of cell formulas when opening a spreadsheet. This issue is triggered by very long formulas containing numerous opening tokens. Th...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References30
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in expat

In Expat also known as libexpat, before version 2.4.5, an attacker could trigger stack exhaustion in buildmodel by using a very deep nesting level within the DTD element...

6.5CVSS6.7AI score0.03268EPSS
Exploits0References2
osv
osv
added 2026/04/06 11:8 p.m.2 views

GHSA-378J-3JFJ-8R9F go-ipld-prime: DAG-CBOR decoder unbounded memory allocation from CBOR headers

The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preallocation hints for maps and lists. The decoder does not cap these size hints or account for their cost in its allocation budget, allowing small payloads to cause excessive memory allocation. A CBOR map or list header c...

6.2CVSS6.1AI score0.00156EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/03/18 9:50 p.m.3 views

CVE-2026-32944 Parse Server crash via deeply nested query condition operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References3
Rows per page
Query Builder