Lucene search
K

13431 matches found

OSV
OSV
added 2026/06/02 11:16 p.m.7 views

DEBIAN-CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:1 p.m.9 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

5.8AI score0.0056EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/06/02 10:1 p.m.10 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/02 10:1 p.m.6 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0
CVE
CVE
added 2026/06/02 10:1 p.m.96 views

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/02 9:39 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

8.7CVSS5.4AI score0.0056EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/02 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/02 4:16 p.m.13 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS0.00319EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:24 p.m.10 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/02 3:24 p.m.16 views

CVE-2026-45680

CVE-2026-45680 affects OpenTelemetry eBPF Instrumentation (OBI) prior to version 0.9.0. The root cause is an unbounded delta in calculateStats(), where bp.runCount − bp.prevRunCount is used without a cap, causing the exporter to loop over probe hits for large run-count deltas. This can lead to hi...

7.5CVSS5.8AI score0.00319EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/02 3:24 p.m.14 views

EUVD-2026-33954

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References2
OSV
OSV
added 2026/06/02 12:0 p.m.25 views

RUSTSEC-2026-0155 `exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

5.9AI score
Exploits0References2
RustSec
RustSec
added 2026/06/02 12:0 p.m.13 views

`exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

5.9AI score
Exploits0
OSV
OSV
added 2026/06/02 9:18 a.m.8 views

OPENSUSE-SU-2026:20878-1 Security update for sdbootutil

This update for sdbootutil fixes the following issues Security issue: - CVE-2026-25701: use of fixed directory /tmp/pcrlock.d.back in sdbootutil-update-predictions.service bsc1258241. Non security issues: Update to version 1+git20260506.25d47bf: - TPM based system does not auto-unlock encryption...

7CVSS5.8AI score0.00108EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.17 views

SUSE CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

7.5CVSS5.9AI score0.00248EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-48942

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

5.6AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.8 views

WebADM LDAP Environment Audit / Data Extraction Engine

This is an authenticated assessment and auditing utility designed to collect and process directory information from a WebADM deployment using available application functionality, rather than a vulnerability proof-of-concept...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.16 views

Fedora 44 : dovecot (2026-96eeb03b88)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-96eeb03b88 advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

9.1CVSS5.8AI score0.00667EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...

7.5CVSS5.3AI score0.0056EPSS
Exploits0References4
Rows per page
Query Builder