Lucene search
+L

4141 matches found

osv
osv
added 2026/07/08 4:16 p.m.3 views

UBUNTU-CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/08 3:18 p.m.35 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS0.00358EPSS
Exploits1References3
osv
osv
added 2026/07/08 3:18 p.m.3 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS6.6AI score0.00358EPSS
Exploits1References5
debiancve
debiancve
added 2026/07/08 3:18 p.m.6 views

CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
cve
cve
added 2026/07/08 3:18 p.m.8 views

CVE-2026-59868

The CVE-2026-59868 Issue: js-yaml (JavaScript YAML parser/dumper) is vulnerable when merge keys are enabled. From versions 5.0.0 up to 5.2.0, a chain of mappings using merge keys can cause quadratic CPU time on documents that grow linearly, leading to DoS under some inputs. A fix was released in ...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/07/08 3:15 p.m.36 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
osv
osv
added 2026/07/08 3:15 p.m.3 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS7AI score0.0037EPSS
Exploits1References7
debiancve
debiancve
added 2026/07/08 3:15 p.m.6 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6AI score0.0037EPSS
Exploits1
cve
cve
added 2026/07/08 3:15 p.m.25 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0037EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2026/07/08 3:13 p.m.6 views

EUVD-2026-42300

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS6AI score0.00358EPSS
Exploits1References3
cve
cve
added 2026/07/08 3:13 p.m.9 views

CVE-2026-59870

CVE-2026-59870 affects js-yaml prior to 5.2.1. The YAML11_SCHEMA’s handling of the !!omap tag in omap.ts performs a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents. Red Hat and NVD entries confirm this results in CPU-inte...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0037EPSS
Exploits1References13
osv
osv
added 2026/07/07 5:0 p.m.1 views

OPENSUSE-SU-2026:21251-1 Security update for alloy

This update for alloy fixes the following issues: Update to version 1.17.0. Security issues fixed: - CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service bsc1267185. - CVE-2026-25681: golang.org/x/net/html: parsing...

10CVSS6.6AI score0.00533EPSS
Exploits5References36
osv
osv
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1313 docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage

Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...

8.1CVSS7.5AI score0.01376EPSS
Exploits1References9
osv
osv
added 2026/07/07 3:26 p.m.6 views

GO-2026-5873 Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml in github.com/rancher/fleet

Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml in github.com/rancher/fleet...

5CVSS5.9AI score0.00386EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 5:16 a.m.11 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/07 3:29 a.m.6 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/07/07 3:29 a.m.5 views

EUVD-2026-41999

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
cve
cve
added 2026/07/06 9:30 a.m.21 views

CVE-2026-44936

CVE-2026-44936 describes an SSRF risk in SUSE Rancher Fleet’s bundle reader when the helmRepoURLRegex field is not set on a GitRepo. The vulnerability allows forwarding Helm authentication credentials (BasicAuth) to any URL specified in the fleet.yaml helm.repo field, potentially leaking admin cr...

5CVSS6AI score0.00386EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2026/07/03 5:27 a.m.2 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.4AI score0.00358EPSS
Exploits1References7
Rows per page
Query Builder