Lucene search
K

7016 matches found

RedHat Linux
RedHat Linux
added 10 hours ago5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 17 hours ago4 views

CVE-2026-14650

A flaw was found in Grass. A local attacker could exploit a vulnerability in the UTF-8 Character Handler, specifically within the grasscompiler::rawtoparseerror function, by executing a manipulation. This could lead to a denial of service, making the system or application unavailable to legitimat...

4.8CVSS5.8AI score0.00116EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 18 hours ago5 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00453EPSS
Exploits1References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-41694

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...

4.8CVSS5.5AI score0.00116EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-14650

Technical details about CVE-2026-14650 are not publicly available in the provided documents. Monitor for updates.

4.8CVSS5.5AI score0.00116EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-14650 connorskees grass UTF-8 Character raw_to_parse_error denial of service

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...

4.8CVSS0.00116EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-55729

Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A flaw in the UTF-8 Character Handler component allows local execution of a manipulation that can lead to a denial of service. The issue resides in the grass compiler::raw to parse error...

4.8CVSS6AI score0.00116EPSS
Exploits0References10
CVE
CVE
added 4 days ago8 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00173EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS0.00663EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...

5.3CVSS6AI score0.0018EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 7:11 p.m.3 views

EEF-CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Summary Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse\document/2 accepts a :json, json source. In lib/mdex.ex, the private json\to\node/1 function passes the attacker-controlled node\type value to Module.concat/1, whic...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/29 2:23 p.m.6 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-353 H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS8AI score0.00629EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-473 PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...

9.8CVSS6.7AI score0.00824EPSS
Exploits2References7
NVD
NVD
added 2026/06/28 12:17 p.m.8 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/28 10:45 a.m.9 views

EUVD-2026-39989

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 10:45 a.m.8 views

CVE-2026-13489

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/28 10:45 a.m.31 views

CVE-2026-13489 78 xiaozhi-esp32 MCP Response mcp_server.cc ParseMessage improper synchronization

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcpserver.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack's...

3.1CVSS0.00228EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58051

CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder