urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

ROS-20260617-73-0048

The vulnerability in ImageMagick is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Inefficient Algorithmic Complexity

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the FlateDecode PNG predictor streams. An attacker can cause excessive resource consumption...

Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-22740)

Summary There are vulnerabilities in spring-web-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22740. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests create...

EUVD-2026-35549

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Uncontrolled Resource Consumption.

Summary brace-expansion-2.0.2.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33750. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.

Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-2200...

UBUNTU-CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib c...

RockyLinux 8 : .NET 8.0 (RLSA-2026:25110)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25110 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

CVE-2026-1500 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing ...

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVE-2026-34713

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...