Lucene search
+L

488 matches found

RedHat Linux
RedHat Linux
added 2026/02/02 1:17 a.m.10 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/30 5:16 p.m.10 views

CVE-2025-61728

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

7.5CVSS7.9AI score0.00643EPSS
Exploits1References7
OSV
OSV
added 2026/01/30 12:27 p.m.6 views

OESA-2026-1250 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS6AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2026/01/30 12:27 p.m.8 views

OESA-2026-1249 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS6AI score0.00633EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/29 9:8 a.m.4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/26 8:52 p.m.10 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/26 6:1 p.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/01/22 4:8 p.m.5 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses bsc1256331 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate o...

4.3CVSS5.5AI score0.02667EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/22 1:51 a.m.12 views

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

7.5CVSS5.6AI score0.00487EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : dotnet6.0-6.0.105-1.el8.ML.1 (AXSA:2022-3729:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3729:08 advisory. dotnet: excess memory allocation via HttpClient causes DoS CVE-2022-23267 dotnet: malicious content causes high CPU and memory usage CVE-2022-29117...

7.5CVSS7.5AI score0.05041EPSS
Exploits0References4
NVD
NVD
added 2026/01/17 5:15 p.m.12 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

7.5CVSS0.0098EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/01/17 4:32 p.m.4 views

CVE-2025-15532

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks...

7.5CVSS4.8AI score0.0098EPSS
Exploits1References8
CVE
CVE
added 2026/01/17 4:32 p.m.24 views

CVE-2025-15532

Open5GS up to 2.7.5 is affected by a Timer Handler processing issue that leads to resource consumption. The vulnerability can be exploited remotely, and there are public exploits and a patch identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. Remediation guidance present in sources calls for ...

7.5CVSS6.3AI score0.0098EPSS
Exploits1References12Affected Software1
UbuntuCve
UbuntuCve
added 2026/01/14 7:16 p.m.6 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS6.7AI score0.00433EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.7 views

CVE-2023-50304

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335...

8.2CVSS6.9AI score0.00614EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.4 views

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1322)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1322 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

7.5CVSS7.7AI score0.00459EPSS
Exploits2References6
Amazon
Amazon
added 2026/01/07 12:0 a.m.10 views

Medium: containerd

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
SUSE Linux
SUSE Linux
added 2026/01/05 12:6 p.m.2 views

Security update for erlang26

This update for erlang26 fixes the following issues: CVE-2025-48040: Excessive resource consumption bsc1249472 CVE-2025-48039: Excessive use of system resources bsc1249469 CVE-2025-48038: Excessive use of system resources bsc1249470 Patch Instructions: To install this SUSE update use the SUSE...

6.9CVSS6.7AI score0.00402EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-7113

Name of the Vulnerable Software and Affected Versions Recursor affected versions not specified Description Improperly crafted zones may cause increased resource consumption. Additionally, crafted CNAME chains can lead to cache poisoning within the Recursor. Recommendations At the moment, there is...

5.3CVSS5.4AI score0.00407EPSS
Exploits0References13
NVD
NVD
added 2025/12/30 5:15 p.m.9 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

6.5CVSS0.00214EPSS
Exploits0References1
Rows per page
Query Builder