Lucene search
+L

1675 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-48069

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...

7.5CVSS0.00625EPSS
Exploits0References13
CVE
CVE
added 3 days ago141 views

CVE-2026-48069

@grpc/grpc-js (pure JavaScript implementation) is affected by a crash when processing an invalid incoming compressed message. Affected versions: prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Remediation: upgrade to the ...

7.5CVSS6.1AI score0.00625EPSS
Exploits0References13
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-48069 @grpc/grps-js: An incoming malformed compressed message can cause a client or server crash

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...

7.5CVSS0.00625EPSS
Exploits0References13
NVD
NVD
added 3 days ago6 views

CVE-2026-62641

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...

4.3CVSS0.00234EPSS
Exploits0References5
OSV
OSV
added 3 days ago3 views

CVE-2026-62641

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References7
CVE
CVE
added 3 days ago8 views

CVE-2026-62641

CVE-2026-62641 affects Roundcube Webmail, where the TNEF decoder is vulnerable to denial of service when handling a crafted compressed-RTF size. The issue exists in Roundcube Webmail before 1.6.17 and in 1.7.x before 1.7.2. According to the sources, upgrading to Roundcube Webmail 1.6.17 or 1.7.2 ...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago5 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00465EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-14683

A flaw was found in HdrHistogram. A local attacker can exploit a vulnerability in the decodeFromCompressedByteBuffer function by manipulating the lengthOfCompressedContents argument. This manipulation leads to uncontrolled memory allocation, which can result in a Denial of Service DoS condition,...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/09 9:14 p.m.8 views

CVE-2026-39197

A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
Mageia
Mageia
added 2026/07/09 4:46 p.m.4 views

Updated 7zip packages fix a security vulnerability

7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation. CVE-2026-48095...

8.8CVSS6.2AI score0.00938EPSS
Exploits1References5
NVD
NVD
added 2026/07/08 10:17 p.m.10 views

CVE-2026-44160

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS0.0062EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score0.00602EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/07/04 11:0 p.m.52 views

CVE-2026-14683 HdrHistogram AbstractHistogram.java memory allocation

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results...

4.8CVSS0.00118EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 11:0 p.m.44 views

CVE-2026-14683

CVE-2026-14683 affects HdrHistogram up to 2.2.2. The vulnerability is in org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer, where manipulating lengthOfCompressedContents can trigger uncontrolled memory allocation. Exploitation is local, and a public exploit exists. The issue was r...

4.8CVSS5.7AI score0.00118EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/07/04 11:0 p.m.5 views

CVE-2026-14683 HdrHistogram AbstractHistogram.java memory allocation

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results...

4.8CVSS5.7AI score0.00118EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:0 p.m.9 views

CVE-2026-14683

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results...

4.8CVSS5.7AI score0.00118EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 3:2 p.m.9 views

USN-8488-2 linux-raspi vulnerabilities

It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...

9.8CVSS6.8AI score0.00675EPSS
Exploits29References237
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory up to 32 MB per block before...

7.5CVSS5.9AI score0.00429EPSS
Exploits1References5
OSV
OSV
added 2026/07/02 12:0 a.m.5 views

MAL-2026-6771 Malicious code in @marketfront/commonecommerce (npm)

The @marketfront/commonecommerce package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.7 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
Rows per page
Query Builder