42 matches found
CVE-2026-33481
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481 Syft improper temporary file cleanup
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481 Syft improper temporary file cleanup
Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...
CVE-2026-33481
Syft contains a vulnerability (affecting versions before v1.42.3) where temporary storage is not properly cleaned up when an error occurs during scanning. If scanning archives leads to exhausted temporary storage (e.g., large artifacts or zipbombs), Syft may exit without removing temporary files,...
Syft improper temporary file cleanup
Impact Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those archives into temporary storage then inspect the unpacked contents. Under normal operation Syft will remove the...
EUVD-2025-206333
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...
GHSA-5F7Q-JPQC-WP7H Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
CVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
PT-2026-4817
Name of the Vulnerable Software and Affected Versions Next.js versions with experimental.ppr: true or cacheComponents: true configured along with the NEXT PRIVATE MINIMAL MODE=1 environment variable Description A denial of service issue exists in Next.js when Partial Prerendering PPR is enabled i...
EUVD-2022-35115
Malicious code in bioql PyPI...
EUVD-2022-51389
Malicious code in bioql PyPI...
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...
SUSE-SU-2025:20025-1 Security update for python311, python-rpm-macros
This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb bsc1221854 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges bsc1226448 - CVE-2024-0397: Fixed memory race condition in...
CVE-2024-54682 Zipbomb DoS via Missing Slack Import Validation
Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
SUSE-SU-2024:2479-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number bsc1219559. - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb bsc1221854. - CVE-2024-4032: Rearranging definition of...