483 matches found

Snyk
added 2026/05/04 9:28 p.m., 6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the remote read endpoint when processing snappy-compressed request bodies. An attacker can cause excessive memory allocation and crash the process by sending specially crafted payloads...

CVSS 8.7, AI score 5.8, EPSS 0.00761
Exploits 0, References 2
NVD
added 2026/05/04 7:16 p.m., 29 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

CVSS 7.5, EPSS 0.00761
Exploits 0, References 15
ATTACKERKB
added 2026/05/04 6:13 p.m., 8 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0, References 6, Affected Software 1
CVE
added 2026/05/04 6:13 p.m., 59 views

CVE-2026-42154

Prometheus (open-source monitoring/time-series database) is affected by CVE-2026-42154. Before versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker c...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0, References 15, Affected Software 1
Vulnrichment
added 2026/05/04 6:13 p.m., 6 views

CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0, References 5
Debian CVE
added 2026/05/04 6:13 p.m., 8 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0
AlpineLinux
added 2026/05/04 6:13 p.m., 7 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

CVSS 7.5, AI score 5.8, EPSS 0.00761
Exploits 0
OSV
added 2026/05/04 12:34 p.m., 7 views

SUSE-SU-2026:21543-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

CVSS 7.5, AI score 5.9, EPSS 0.00702
Exploits 0, References 19
Vulnrichment
added 2026/05/04 5:45 a.m., 5 views

CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

CVSS 6.9, AI score 5.7, EPSS 0.00631
Exploits 0, References 6
SUSE CVE
added 2026/04/28 1:34 a.m., 7 views

SUSE CVE-2026-41476

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of...

CVSS 8.8, AI score 5.7, EPSS 0.00344
Exploits 1, References 3
Tenable Nessus
added 2026/04/25 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connect...

CVSS 8.8, AI score 5.9, EPSS 0.00344
Exploits 1, References 3
Positive Technologies
added 2026/04/25 12:00 a.m., 10 views

PT-2026-37189

Name of the Vulnerable Software and Affected Versions: zrok versions prior to 2.0.2. Description: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but fails to prevent symlink following. If a symbolic link within the shared DriveRoot points to a...

CVSS 8.7, AI score 5.8, EPSS 0.0033
Exploits 0, References 10
NVD
added 2026/04/24 8:16 p.m., 7 views

CVE-2026-41475

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

CVSS 9.1, EPSS 0.00482
Exploits 1, References 1
Debian CVE
added 2026/04/21 8:35 p.m., 4 views

CVE-2026-22015

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 4.3, AI score 7.1, EPSS 0.00243
Exploits 0
Cvelist
added 2026/04/14 3:38 p.m., 35 views

CVE-2024-23104

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...

CVSS 5.4, EPSS 0.00255
Exploits 0, References 1
SUSE CVE
added 2026/04/09 11:29 p.m., 3 views

SUSE CVE-2026-5907

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Low...

CVSS 8.1, AI score 7.3, EPSS 0.00189
Exploits 0, References 3
SUSE CVE
added 2026/04/02 8:42 a.m., 6 views

SUSE CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6, EPSS 0.00336
Exploits 0, References 3
Vulnrichment
added 2026/04/01 4:41 a.m., 3 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

AI score 6, EPSS 0.00336
Exploits 0, References 2
Cvelist
added 2026/04/01 4:41 a.m., 29 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

EPSS 0.00336
Exploits 0, References 2
ATTACKERKB
added 2026/04/01 4:41 a.m., 9 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.1, EPSS 0.00336
Exploits 0, References 3, Affected Software 1