Lucene search
K

8538 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-33939

mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-45409

A flaw was found in the idna library, which handles Internationalized Domain Names in Python applications. A remote attacker could exploit this vulnerability by sending specially crafted, excessively long inputs to the library's encoding function. This could cause the system to consume significan...

6.9CVSS6.4AI score0.00408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago6 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7AI score0.00615EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42503

In OpENer 2.3.0 commit 76b95cf, a resource exhaustion Denial of Service vulnerability exists in its network processing loop...

7.5CVSS5.9AI score0.00488EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-51535

In OpENer 2.3.0 commit 76b95cf, a resource exhaustion Denial of Service vulnerability exists in its network processing loop...

7.5CVSS0.00488EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS0.00321EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago4 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS6.6AI score0.04409EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59922 Mistune plugins/formatting: quadratic-time parsing on long runs of `~~x~~`, `==x==`, and `^^x^^` markers (strikethrough / mark / insert)

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS0.00366EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42313

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS6AI score0.00354EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago6 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1
CVE
CVE
added 5 days ago17 views

CVE-2026-51535

CVE-2026-51535 affects OpENer 2.3.0 (commit 76b95cf). A resource exhaustion (Denial of Service) condition exists in the network processing loop. The vulnerability is described consistently across multiple sources (NVD, EUVD, CVE lists, and third-party feeds) as a DoS in the networking stack, but ...

7.5CVSS5.9AI score0.00488EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-51535

In OpENer 2.3.0 commit 76b95cf, a resource exhaustion Denial of Service vulnerability exists in its network processing loop...

0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56622

Name of the Vulnerable Software and Affected Versions OpENer version 2.3.0 Description A resource exhaustion issue exists in the network processing loop, which can lead to a Denial of Service DoS condition. Denial of Service is a state where a system becomes unavailable to its intended users...

7.5CVSS6.1AI score0.00488EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56493

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References7
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS0.0042EPSS
Exploits0References7
OSV
OSV
added 6 days ago3 views

PYSEC-2026-1860 Werkzeug possible resource exhaustion when parsing file data in forms

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting. The Request.maxcontentlength setting, as well as resource limits provided by deployment software and platforms,...

7.5CVSS6.7AI score0.01102EPSS
Exploits0References11
EUVD
EUVD
added last week8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 1:3 p.m.6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2026/07/06 9:3 a.m.6 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
Rows per page
Query Builder