491 matches found
CVE-2026-39197
A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...
CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...
CVE-2026-56810
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...
CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...
Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...
CVE-2026-56149
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-53917
CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...
Linux Distros Unpatched Vulnerability : CVE-2026-56018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup free...
CVE-2026-53429
Affected software: mdex (0.11.0–0.12.3) and mdex_native (0.1.0–0.2.3). Root cause: native rendering path leaks memory by Box::leak of literal strings for each MDEx.EscapedTag node, with no cap on literal size or node count, causing unbounded memory growth per render and across renders. Trigger: r...
CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...
Linux Distros Unpatched Vulnerability : CVE-2026-46602
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause...
Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation
...
CVE-2026-13322
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
CVE-2026-46602
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
DEBIAN-CVE-2026-46602
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
CVE-2026-46602
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
CVE-2026-56770
Libais 0.15 is affected by an out-of-bounds vector access in VdmStream::AddLine caused by an unchecked sentinel value used as a vector index when handling AIS sentences with empty or out-of-range sequential IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM senten...
WS Auto-PONG memory exhaustion
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...
CVE-2026-3196 Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation
An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...
CVE-2026-3196
An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...