
1230 matches found

CVE
added yesterday, 7 views

CVE-2026-54887

CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...

CVSS 6.3, AI score 5.8
Exploits 0, References 5

ATTACKERKB
added yesterday, 3 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls_server_connection:initial_hello/3 initializes previous_cookie_secret to the empty...

CVSS 6.3, AI score 5.8
Exploits 0, References 6, Affected Software 1

OSV
added yesterday, 2 views

SUSE-SU-2026:2673-1 Security update for bind

This update for bind fixes the following issues:

Security issues:
- CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591).
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
- CVE-2026-3593: Heap use-after-free vulnerabilit...

CVSS 9.8, AI score 6.7, EPSS 0.01844
Exploits 1, References 14

Positive Technologies
added 2 days ago, 11 views

PT-2026-54519

Name of the Vulnerable Software and Affected Versions: buffa (affected versions not specified)

Description: The buffa protobuf decoder contains a memory-amplification issue. A malformed message can cause the library to consume up to 22 times the expected amount of RAM, leading to a denial of service...

AI score 5.7
Exploits 0, References 4

Cvelist
added 4 days ago, 35 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

CVSS 4.8, EPSS 0.00112
Exploits 0, References 8

CVE
added 4 days ago, 14 views

CVE-2026-13523

GPAC (up to 26.02.0) is affected in the ISOBMFF Parser component, specifically the file src/utils/base_encoding.c. A manipulation can lead to data amplification, with local access required. The issue has a publicly available exploit and a remediation patch has been released. Vendor-provided fix a...

CVSS 4.8, AI score 5.3, EPSS 0.00112
Exploits 0, References 8

Positive Technologies
added 2026/06/26 12:0 a.m., 8 views

PT-2026-52845

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.32

Description: A Denial of Service (DoS) issue exists in the AITextSummarizerBlock component. This occurs because the system allows input amplification, where a relatively small amount of content can lead to excessi...

CVSS 5.3, AI score 5.8, EPSS 0.00247
Exploits 0, References 5

Tenable Nessus
added 2026/06/26 12:0 a.m., 9 views

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues:

Upgrade to release 9.20.23:
- CVE-2026-3039: BIND 9 server memory exhaustion durin...

CVSS 9.8, AI score 5.8, EPSS 0.01844
Exploits 1, References 19

Tenable Nessus
added 2026/06/26 12:0 a.m., 10 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:2616-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2616-1 advisory.
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
- CVE-2026-3039: BIND 9 server memory...

CVSS 7.5, AI score 5.9, EPSS 0.0181
Exploits 0, References 10

OSV
added 2026/06/24 9:3 a.m., 1 views

SUSE-SU-2026:2617-1 Security update for bind

This update for bind fixes the following issues:
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
- CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591).
- CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594)...

CVSS 7.5, AI score 5.8, EPSS 0.0181
Exploits 0, References 7

OSV
added 2026/06/24 9:3 a.m., 2 views

SUSE-SU-2026:2616-1 Security update for bind

This update for bind fixes the following issues:
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
- CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591).
- CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594)...

CVSS 7.5, AI score 5.8, EPSS 0.0181
Exploits 0, References 7

Cvelist
added 2026/06/22 4:19 p.m., 33 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

CVSS 5.3, EPSS 0.00293
Exploits 0, References 1

OSV
added 2026/06/22 5:40 a.m., 3 views

BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

CVSS 7.5, AI score 6, EPSS 0.00708
Exploits 0, References 3

OSV
added 2026/06/20 6:53 a.m., 2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues:

Upgrade to release 9.20.23:
- CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591).
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592).
- CVE-2026-3593: Heap use-after-free...

CVSS 9.8, AI score 5.8, EPSS 0.01844
Exploits 1, References 13

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in cups-filters

CUPS versions before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting the addition of a printer. This is a different vulnerability than CVE-2024-47176. The request is intended to test the new printer, but it can also be us...

CVSS 7.5, AI score 7.3, EPSS 0.00859
Exploits 0, References 2

OSV
added 2026/06/18 4:40 p.m., 4 views

SUSE-SU-2026:2460-1 Security update for kubernetes-old

This update for kubernetes-old fixes the following issues:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265747).
- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...

CVSS 8.7, AI score 5.8, EPSS 0.00781
Exploits 0, References 5

Cvelist
added 2026/06/17 4:58 p.m., 25 views

CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

CVSS 7.5, EPSS 0.00708
Exploits 0, References 1

Snyk
added 2026/06/17 2:6 p.m., 8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) through the audio.py file. An attacker can cause excessive memory consumption by...

CVSS 7.1, AI score 5.9, EPSS 0.00243
Exploits 0, References 2

SUSE CVE
added 2026/06/17 2:20 a.m., 7 views

SUSE CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify CPU and allocations by sending many baggage: header lines...

CVSS 7.5, AI score 5.3, EPSS 0.00435
Exploits 1, References 3

RedHat Linux
added 2026/06/17 1:51 a.m., 4 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVSS 7.5, AI score 5.2, EPSS 0.00815
Exploits 0, References 4