Lucene search
K

480 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.43.4 contained security vulnerabilities. These vulnerabilities stemmed from negative chunk sizes in chunked transmission encoding, leading to unbounded...

7.5CVSS5.8AI score0.00327EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 5:16 p.m.17 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

7.5CVSS0.00686EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/27 5:33 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the date filter in filters/date.ts and the strftime formatter in...

8.7CVSS5.9AI score0.00385EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-28376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/20 11:57 a.m.16 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/19 2:35 p.m.17 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

9.2CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/15 8:42 a.m.7 views

BIT-GRAFANA-2026-28383 Grafana plugin resources can lead to unbounded memory allocation

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 4:36 p.m.8 views

GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

5.3CVSS5.9AI score0.00686EPSS
Exploits0References6
NVD
NVD
added 2026/05/14 11:16 a.m.18 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS0.0062EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/13 9:32 p.m.18 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 7:28 p.m.27 views

CVE-2026-28383

CVE-2026-28383 describes a memory‑consumption vulnerability in the Grafana environment where a request to the Grafana plugin resources endpoint can read the entire request body into memory, leading to unbounded memory usage. An authenticated user can exploit this to trigger an out‑of‑memory condi...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:28 p.m.8 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 7:28 p.m.27 views

CVE-2026-28376

CVE-2026-28376 affects the Grafana Live push endpoint. An authenticated user with access to the Grafana Live API can trigger unbounded memory allocation by sending a large or streaming request body, potentially causing out-of-memory conditions. The available documents describe the vulnerable comp...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017795 advisory. The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

7.5CVSS6.9AI score0.09438EPSS
Exploits0References4
OSV
OSV
added 2026/05/09 12:33 p.m.7 views

OESA-2026-2248 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

9.8CVSS6.6AI score0.00658EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.9 views

CVE-2026-43287

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References10
OSV
OSV
added 2026/05/07 1:54 a.m.7 views

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

7.5CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 1:54 a.m.13 views

rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

5.8AI score
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/06 8:58 p.m.17 views

CVE-2026-41483

OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/03 11:55 p.m.20 views

CVE-2026-6948

CVE-2026-6948 affects Velociraptor servers prior to version 0.76.4, where the VQLResponse Result-Set Writer can allocate memory unboundedly in the agent control channel. A compromised Velociraptor client can trigger an Out-Of-Memory (OOM) condition, crashing the server by sending crafted messages...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder