Lucene search
+L

112 matches found

cvelist
cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-26307 Gitea git grep search lacks a timeout

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

0.00466EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/10 9:30 p.m.40 views

CVE-2026-45664 ImageMagick: Policy Bypass in MNG coder could

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

5.3CVSS0.00441EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2026/06/08 12:0 a.m.4 views

The vulnerabilities of the functions ParseAddress(), ParseAddressList(), and ParseDate() in the Go programming language allow a hacker to cause a service failure.

The vulnerability of the ParseAddress, ParseAddressList, and ParseDate functions in the Go programming language is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.00784EPSS
Exploits0References6Affected Software2
nessus
nessus
added 2026/06/08 12:0 a.m.28 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3346 (ALAS-2026-3346)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3346 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per...

7.5CVSS6AI score0.01849EPSS
Exploits4References32
euvd
euvd
added 2026/06/01 4:4 p.m.11 views

EUVD-2026-33663

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS5.7AI score0.00295EPSS
Exploits0References3
ibm
ibm
added 2026/05/29 4:59 p.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.4 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.9AI score0.00808EPSS
Exploits8Affected Software1
attackerkb
attackerkb
added 2026/05/29 4:0 p.m.7 views

CVE-2026-10069

A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects produc...

8.7CVSS6.7AI score0.00438EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/05/27 2:17 p.m.3 views

CVE-2026-7528

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.5CVSS6AI score
Exploits0References1
redos
redos
added 2026/05/24 12:0 a.m.27 views

ROS-20260524-73-0013

A vulnerability in the Libraries component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

3.7CVSS7.2AI score0.00269EPSS
Exploits0
attackerkb
attackerkb
added 2026/05/22 2:31 a.m.7 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

5.8AI score0.00415EPSS
Exploits0References6
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...

5.9CVSS5.3AI score0.01156EPSS
Exploits0References2
github
github
added 2026/05/18 8:33 p.m.29 views

ImageMagick: Policy Bypass in MNG coder could

Because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3Affected Software18
osv
osv
added 2026/05/13 4:16 p.m.4 views

DEBIAN-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

7.5CVSS5.8AI score0.0068EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.14 views

PT-2026-40715

Name of the Vulnerable Software and Affected Versions go-billy versions prior to v5 Description Multiple components improperly handle crafted or malformed input, which can lead to panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues result from...

9.8CVSS7AI score0.00561EPSS
Exploits0References436
snyk
snyk
added 2026/05/08 7:52 p.m.11 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the generatecompletion, embed, embeddings, and showmodelinfo functions. An attacker can access restricted model information and consume compute resources by sending crafted API reques...

5.4CVSS5.8AI score0.00238EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.12 views

PT-2026-38481

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.8AI score0.00394EPSS
Exploits0References4
snyk
snyk
added 2026/05/06 7:32 p.m.18 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

8.7CVSS5.8AI score0.01533EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41331

OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by...

6.9CVSS5.8AI score0.00297EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/20 5:0 a.m.7 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00623EPSS
Exploits0References8Affected Software1
suse
suse
added 2026/04/09 10:47 a.m.4 views

Security update for cockpit

This update for cockpit fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References8
Rows per page
Query Builder