Lucene search
K

130 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.6 views

SUSE SLED15: libpython3_11-1_0 / libpython3_11-1_0-32bit / python311 / etc (SUSE-SU-2026:0314-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0314-1 advisory. - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. -...

7.5CVSS7AI score0.01525EPSS
Exploits0References10
OSV
OSV
added 2026/01/26 4:39 p.m.4 views

SUSE-SU-2026:0299-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length bsc1254400...

7.5CVSS5.9AI score0.01525EPSS
Exploits0References7
OSV
OSV
added 2026/01/23 9:40 a.m.5 views

SUSE-SU-2026:0268-1 Security update for python

This update for python fixes the following issues: - CVE-2025-13836: Fixed reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length bsc1254400 - CVE-2025-12084: Fixed Denial of Service due to quadratic algorithm in xml.dom.minidom...

7.5CVSS5.8AI score0.01525EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/20 6:19 p.m.10 views

CVE-2025-52659

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

7.5CVSS5.4AI score0.00156EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : ruby:3.1 (AXSA:2024-7662:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7662:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS7.4AI score0.02637EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/19 5:54 p.m.20 views

EUVD-2026-3209

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

2.8CVSS5.4AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/01/19 5:54 p.m.21 views

CVE-2025-52659

CVE-2025-52659 affects HCL AION version 2, a AI lifecycle management platform. The vulnerability is a Cacheable HTTP Response issue that can cause unintended storage of sensitive or dynamic content, potentially enabling unauthorized access or information disclosure. The CVSS v3.1 base score is 7....

7.5CVSS5.4AI score0.00156EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/16 11:57 a.m.8 views

OESA-2026-1055 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

7.5CVSS6.5AI score0.01525EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 12:22 a.m.27 views

CVE-2026-22026 CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

8.2CVSS0.00539EPSS
Exploits1References3
NVD
NVD
added 2026/01/07 6:15 p.m.7 views

CVE-2025-66560

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

7.5CVSS0.00349EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/07 5:47 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...

8.2CVSS5.6AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

Quarkus 安全漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus versions prior to 3.31.0, prior to 3.27.2, and prior to 3.20.5, which stems from improper handling of HTTP tier responses and could lead to...

7.5CVSS6.4AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 12:11 p.m.4 views

SUSE-SU-2026:0025-1 Security update for python312

This update for python312 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. - CVE-2025-13836: use of...

7.5CVSS5.8AI score0.01525EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.13 views

PT-2026-25938

CVE-2026-4359 A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver. https://t.co/CeMfkBeSoo...

2CVSS5.8AI score0.00187EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/12/03 12:25 a.m.2 views

SUSE CVE-2025-13836

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...

6.5CVSS6.9AI score0.01525EPSS
Exploits0References46
EUVD
EUVD
added 2025/12/01 6:30 p.m.3 views

EUVD-2025-200070

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...

6.3CVSS6.3AI score0.01525EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/12/01 6:2 p.m.9 views

CVE-2025-13836

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...

7.5CVSS5.9AI score0.01525EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2025/11/26 7:46 p.m.10 views

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5CVSS0.00362EPSS
Exploits0References3
CVE
CVE
added 2025/11/20 9:15 p.m.14 views

CVE-2025-36160

IBM Concert Software version 1.0.0–2.0.0 discloses sensitive server information via HTTP response headers, enabling potential follow-on attacks. This is corroborated by CNVD/CNVD-2026-07114, RH/CVE-2025-36160, EUVD, NVD, OSV and other sources. remediation per IBM bulletin: upgrade to IBM Concert ...

7.5CVSS5.2AI score0.00227EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/05 3:7 p.m.6 views

CVE-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

6.5AI score0.0193EPSS
Exploits1References3
Rows per page
Query Builder