CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 3 days ago•4 views

CVE-2026-54285

5.3CVSS5.9AI score0.00238EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/11 7:11 p.m.•7 views

EUVD-2026-36307

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.5AI score0.00329EPSS

Exploits0References4

Vulnrichment•added 2026/06/11 7:11 p.m.•9 views

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

5.3CVSS5.3AI score0.00329EPSS

Exploits0References4

NVD•added 2026/06/11 5:16 p.m.•11 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS0.00344EPSS

OSV•added 2026/06/11 5:16 p.m.•3 views

DEBIAN-CVE-2026-44488

7.5CVSS5.4AI score0.00344EPSS

OSV•added 2026/06/11 5:16 p.m.•3 views

UBUNTU-CVE-2026-44488

7.5CVSS5.4AI score0.00344EPSS

Exploits1References3

EUVD•added 2026/06/11 3:37 p.m.•7 views

EUVD-2026-36261

Vulnrichment•added 2026/06/11 3:37 p.m.•15 views

CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

CVE•added 2026/06/11 3:37 p.m.•56 views

CVE-2026-44488

Axios 1.7.0–1.15.x did not enforce maxContentLength/maxBodyLength when using the fetch adapter, enabling oversized response or request bodies and causing resource exhaustion in server-side usage. Affected: Axios (fetch adapter context). Root cause: missing enforcement of configured size limits fo...

Exploits1References1Affected Software1

Amazon•added 2026/06/08 12:0 a.m.•11 views

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.7AI score0.00466EPSS

Exploits0

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

Amazon Linux 2023 : docker (ALAS2023-2026-1783)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1783 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU...

10CVSS6.8AI score0.03092EPSS

Exploits2References16

Tenable Nessus•added 2026/06/08 12:0 a.m.•6 views

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...

10CVSS5.8AI score0.00466EPSS

Exploits0References28

Amazon•added 2026/06/08 12:0 a.m.•13 views

Important: nerdctl

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

10CVSS6.1AI score0.00466EPSS

Exploits0

Tenable Nessus•added 2026/06/08 12:0 a.m.•9 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1809)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1809 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected...

10CVSS5.8AI score0.00466EPSS

Exploits0References28

RedhatCVE•added 2026/06/05 7:35 p.m.•9 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.5AI score0.00254EPSS

OSV•added 2026/06/04 2:21 p.m.•6 views

GHSA-777C-7FJR-54VF Allocation of Resources Without Limits or Throttling in Axios

Summary Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies large...

7.5CVSS5.8AI score0.00344EPSS

Exploits1References6

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46302

Name of the Vulnerable Software and Affected Versions Axios versions 1.7.0 through 1.15.x Description Axios fails to enforce configured request and response size limits when using the fetch adapter. This occurs when applications explicitly set adapter: 'fetch', use a configuration where fetch is...

OSV•added 2026/05/26 12:12 p.m.•7 views

Exploits1References9

CLSA-2026-1779797547 Fix CVE(s): CVE-2026-29168

SECURITY UPDATE: fix denial of service in modmd OCSP response handling by enforcing size limit and timeouts - debian/patches/CVE-2026-29168.patch: fix denial of service in modmd OCSP response handling by enforcing size limit and timeouts - CVE-2026-29168...

7.3CVSS5.8AI score0.00628EPSS

Cvelist•added 2026/05/22 10:20 a.m.•23 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

4.9CVSS0.00254EPSS