
1263 matches found

CVE
added 2026/05/25 2:0 p.m. | 32 views

CVE-2026-47067

Affected software: hackney (Erlang HTTP client). Vulnerability description: The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected, and the atom table maxes out at 1,048,576 entries. An att...

8.7 CVSS | 5.8 AI score | 0.00703 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/05/25 2:0 p.m. | 7 views

EEF-CVE-2026-47067 Atom table exhaustion via unrecognized URL schemes in hackney

Summary: Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM atom via binary_to_atom/2. BEAM atoms are never garbage-collected and the atom table default...

8.7 CVSS | 5.8 AI score | 0.00703 EPSS
Exploits 1 | References 4

Positive Technologies
added 2026/05/25 12:0 a.m. | 16 views

PT-2026-43065

Name of the Vulnerable Software and Affected Versions: hackney versions 2.0.0 through 4.0.0. Description: An issue in the URL parser within src/hackney_url.erl allows for resource exhaustion. The parser uses the binary_to_atom/2 function to convert unrecognized URL schemes into permanent BEAM atoms...

8.7 CVSS | 5.8 AI score | 0.00703 EPSS
Exploits 1 | References 9

CNNVD
added 2026/05/25 12:0 a.m. | 10 views

Hackney security vulnerability

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 to 4.0.1 that stems from the URL parser converting unrecognized URL schemes into permanent BEAM atoms, which could lead to atom table exhaustion and BEAM VM crashes...

8.7 CVSS | 5.8 AI score | 0.00703 EPSS
Exploits 1 | References 4

RedhatCVE
added 2026/05/21 7:57 p.m. | 6 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...

8.2 CVSS | 5.8 AI score | 0.00537 EPSS
Exploits 0 | References 1

NVD
added 2026/05/20 2:17 p.m. | 17 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...

8.2 CVSS | 0.00537 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/05/20 1:35 p.m. | 12 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...

8.2 CVSS | 5.8 AI score | 0.00537 EPSS
Exploits 0 | References 5 | Affected Software 1

Vulnrichment
added 2026/05/20 1:35 p.m. | 7 views

CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...

8.2 CVSS | 5.8 AI score | 0.00537 EPSS
Exploits 0 | References 4

Cvelist
added 2026/05/20 1:35 p.m. | 42 views

CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...

8.2 CVSS | 0.00537 EPSS
Exploits 0 | References 4

OSV
added 2026/05/20 1:35 p.m. | 6 views

EEF-CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Summary: Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 witho...

8.2 CVSS | 5.8 AI score | 0.00537 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/05/20 12:0 a.m. | 11 views

PT-2026-42180

Name of the Vulnerable Software and Affected Versions: phenixdigital phoenix_storybook versions 0.2.0 through 1.0.x. Description: An unauthenticated denial-of-service can occur via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms usi...

8.2 CVSS | 5.5 AI score | 0.00537 EPSS
Exploits 0 | References 11

CNNVD
added 2026/05/20 12:0 a.m. | 10 views

PhoenixStorybook security vulnerability

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.2.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the unauthorized conversion of user-provided string parameter...

8.2 CVSS | 5.8 AI score | 0.00537 EPSS
Exploits 0 | References 2

NVD
added 2026/05/14 6:16 p.m. | 13 views

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

9.1 CVSS | 0.00208 EPSS
Exploits 0 | References 2

OSV
added 2026/05/14 6:16 p.m. | 10 views

UBUNTU-CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

9.1 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits 0 | References 6

Vulnrichment
added 2026/05/14 5:40 p.m. | 6 views

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits 0 | References 2

Cvelist
added 2026/05/14 5:40 p.m. | 36 views

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4 CVSS | 0.00208 EPSS
Exploits 0 | References 2

CVE
added 2026/05/14 5:38 p.m. | 24 views

CVE-2026-46469

GStreamer gst-plugins-good prior to 1.28.2 contains a vulnerability in the isomp4 plugin (qtdemux_parse_trak) where insufficient validation of MP4 atom data allows integer division by zero, causing denial of service. The issue is fixed in 1.28.2 (see MR 11243; security advisory SA-2026-0018). No ...

5.5 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/14 5:38 p.m. | 12 views

EUVD-2026-30347

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits 0 | References 2

OSV
added 2026/05/14 1:8 p.m. | 4 views

GHSA-QF4G-9FQQ-MMM7 Absinthe: Unbounded atom creation from parsed directive name

Summary When Absinthe parses a GraphQL SDL document, every directive @ definition is converted into a freshly created atom without any allow-list or length cap. Because atoms are never garbage-collected and the BEAM has a hard 1,048,576 atom-table limit, any application that feeds...

8.2 CVSS | 6 AI score | 0.00613 EPSS
Exploits 1 | References 6

EUVD
added 2026/05/14 1:8 p.m. | 19 views

EUVD-2026-28798

Absinthe: Unbounded atom creation from parsed directive name...

8.2 CVSS | 5.8 AI score | 0.00613 EPSS
Exploits 1 | References 5