Lucene search
+L

444 matches found

Cvelist
Cvelist
added 2026/07/08 8:30 p.m.36 views

CVE-2026-55195 py7zr: Decompression bomb (zip bomb) denial of service via unchecked extraction size

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 6:27 a.m.8 views

OESA-2026-2839 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...

8.7CVSS6AI score0.00322EPSS
Exploits0References9
OSV
OSV
added 2026/07/06 6:27 a.m.6 views

OESA-2026-2838 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...

8.7CVSS6AI score0.00322EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.28 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 8:11 p.m.9 views

EUVD-2026-38351

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/22 8:11 p.m.5 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 8:11 p.m.3 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:38 p.m.4 views

CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:38 p.m.36 views

CVE-2026-54278

CVE-2026-54278 affects the AIOHTTP framework for Python. Prior to 3.14.1, during cleanup a compressed request body could be decompressed in memory in one chunk, potentially enabling a DoS via a zip-bomb scenario. Impact is described as high for availability and no confidentiality/integrity impact...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 4:38 p.m.3 views

CVE-2026-54278 AIOHTTP: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49592

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description During cleanup, a compressed request body can be decompressed into memory in a single chunk. An attacker may send a compressed payload in specific situations that could be decompressed into memory,...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References12
NVD
NVD
added 2026/04/10 7:16 p.m.6 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/10 7:9 p.m.5 views

EUVD-2026-21549

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/10 7:9 p.m.21 views

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

6.5CVSS0.00298EPSS
Exploits1References1
CVE
CVE
added 2026/04/10 7:9 p.m.12 views

CVE-2026-27460

The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-32018

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.5 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to version 2.6.5, a Denial of Service DoS issue exists in the recipe import...

6.5CVSS5.8AI score0.00298EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 12:16 a.m.3 views

GHSA-FJRM-76X2-C4Q4 JWCrypto: JWE ZIP decompression bomb

Summary The fix for GHSA-j857-7rvv-vj97 in v1.5.6 is weak in that it does not allow to fully control the amount of plaintext the receiver is willing to deal with and provides just a weak upper bound. The patch limits input token size to 250KB but does not validate the decompressed output size. An...

5.3CVSS5.9AI score0.00294EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.6 views

SUSE CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS5.8AI score0.00408EPSS
Exploits0References4
NVD
NVD
added 2026/03/26 6:16 p.m.19 views

CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS0.00408EPSS
Exploits0References4
Rows per page
Query Builder