48 matches found

Snyk
added 2026/06/15 8:9 p.m. | 5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) during cleanup. An attacker can exhaust system memory by sending a specially crafted compressed payload that is decompressed into memory in a single chunk. Remediation: Upgra...

CVSS 8.7 | AI score 5.3 | EPSS 0.00263 | Exploits 0 | References 2
OSV
added 2026/06/15 8:9 p.m. | 3 views

GHSA-G3CQ-J2XW-WF74 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

Summary: During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact: An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). Workaround...

CVSS 8.7 | AI score 5.3 | EPSS 0.00263 | Exploits 0 | References 2
CNNVD
added 2026/05/27 12:0 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect conversion of physical addresses during the putfolios cleanup process in memfdluo,...

AI score 5.8 | EPSS 0.00107 | Exploits 0 | References 2
RedHat Linux
added 2026/05/13 1:5 a.m. | 8 views

freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...

CVSS 7.5 | AI score 5.8 | EPSS 0.00476 | Exploits 1 | References 12
CVE
added 2026/04/24 2:42 p.m. | 9 views

CVE-2026-31621

The CVE-2026-31621 issue affects the Linux kernel bnge driver: on failure of auxiliary_device_add(), the error path calls auxiliary_device_uninit() but does not return, causing a null dereference when cleanup runs bnge_aux_dev_release() (bd->auxr_dev is freed and then dereferenced). Red Hat re...

CVSS 5.5 | AI score 5.4 | EPSS 0.00121 | Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/04/22 7:17 p.m. | 5 views

CVE-2026-31492

A flaw was found in the Linux kernel's RDMA (Remote Direct Memory Access) irdma driver. This vulnerability occurs when the free_qp completion is not properly initialized before being used during the cleanup process in irdma_destroy_qp, specifically if the ib_copy_to_udata function fails. An attacker coul...

CVSS 5.5 | AI score 5.4 | EPSS 0.00123 | Exploits 0 | References 4
OSV
added 2026/03/13 7:32 p.m. | 4 views

CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

CVSS 9.1 | AI score 6 | EPSS 0.00421 | Exploits 1 | References 4
Positive Technologies
added 2026/03/06 12:0 a.m. | 6 views

PT-2026-23748

Name of the Vulnerable Software and Affected Versions: QuickJS versions 2025-09-13 through 2025-12-11. Description: A specially crafted JavaScript input, when executed with the qjs interpreter using the -m option and a limited memory allocation, can lead to an out-of-memory condition. This is follow...

CVSS 7.5 | AI score 5.8 | EPSS 0.00284 | Exploits 1 | References 8
EUVD
added 2025/12/24 3:30 p.m. | 3 views

EUVD-2023-60342

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to uncanceled work. In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. Then mtk_jpeg_dec_device_run and mtk_jpeg_enc_device_run may be called to start the work. If we...

AI score 6 | EPSS 0.00032 | Exploits 0 | References 7
RedHat Linux
added 2025/11/11 8:21 a.m. | 4 views

kernel: workqueue: Put the pwq after detaching the rescuer from the pool

A vulnerability was found in the Linux kernel's work queue subsystem, which manages background task execution. The issue stems from improper handling of the "rescuer" thread during the cleanup of unbound work queues...

CVSS 7.8 | AI score 7.2 | EPSS 0.00214 | Exploits 0 | References 5
RedhatCVE
added 2025/10/16 2:52 p.m. | 2 views

CVE-2025-54805

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat...

CVSS 6.5 | AI score 6.9 | EPSS 0.00279 | Exploits 0 | References 1
NVD
added 2025/10/15 2:15 p.m. | 4 views

CVE-2025-54805

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.5 | EPSS 0.00279 | Exploits 0 | References 1
OSV
added 2025/10/15 2:15 p.m. | 3 views

CVE-2025-54805

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6 | AI score 5.8 | Exploits 0 | References 1
CVE
added 2025/10/15 1:55 p.m. | 10 views

CVE-2025-54805

CVE-2025-54805 describes a memory resource management vulnerability in F5 BIG-IP Next TMM. When an iRule is configured on a virtual server via the declarative API, cleanup on re-instantiation can increase TMM memory utilization, potentially degrading system performance and enabling a DoS-like imp...

CVSS 6.5 | AI score 6.5 | EPSS 0.00279 | Exploits 0 | References 1 | Affected Software 3
Cvelist
added 2025/10/15 1:55 p.m. | 5 views

CVE-2025-54805 TMM Vulnerability

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.5 | EPSS 0.00279 | Exploits 0 | References 1
Vulnrichment
added 2025/10/15 1:55 p.m. | 5 views

CVE-2025-54805 TMM Vulnerability

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.5 | AI score 6.5 | EPSS 0.00279 | Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-5264

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.8 | EPSS 0.00213 | Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2769

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.9 | EPSS 0.0135 | Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-9415

Malicious code in bioql PyPI...

AI score 7.2 | EPSS 0.00174 | Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-22590

Malicious code in bioql PyPI...

AI score 6.4 | EPSS 0.00143 | Exploits 0 | References 2