293 matches found
CVE-2026-41726
A flaw was found in spring-kafka. When an application uses the DelegatingDeserializer, a malicious producer can exploit this vulnerability by sending records with unique, random spring.kafka.serialization.selector header values. This can cause the consumer's memory heap to grow without limits,...
PT-2026-44194
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker who has compromis...
CVE-2026-42440 Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
CVE-2026-42440
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
Apache OpenNLP Security Vulnerability
Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...
Astra Linux – Vulnerability in Tomcat9
An “Allocation of Resources Without Limits or Throttling” vulnerability exists in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions had already reached their...
Denial Of Service (DoS)
Undertow is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of large HTTP parameter names in HttpServletRequestImpl.getParameterNames, where excessively large parameter names supplied by a client can cause unbounded memory allocation during request parsing,...
CVE-2024-4027
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack...
TencentOS Server 4: tomcat (TSSA-2024:0569)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0569 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2021-2611
Malware in sbrugna...
EUVD-2007-4961
Malware in sbrugna...
EUVD-2021-2266
Malware in sbrugna...
EUVD-2019-0682
Malware in sbrugna...
EUVD-2023-1761
Malicious code in bioql PyPI...
EUVD-2025-14031
Malicious code in bioql PyPI...
EUVD-2025-0176
Malicious code in bioql PyPI...
EUVD-2025-5294
Malicious code in bioql PyPI...
EUVD-2022-6163
Malicious code in bioql PyPI...
EUVD-2025-8064
Malicious code in bioql PyPI...
EUVD-2023-2441
Malicious code in bioql PyPI...