CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3643 matches found

Debian CVE•added 2026/03/31 11:31 a.m.•2 views

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

8.1CVSS8AI score0.0006EPSS

Exploits0

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29223

Name of the Vulnerable Software and Affected Versions Sereal::Encoder versions 4.000 through 4.009 002 Description Sereal::Encoder for Perl includes a vulnerable version of the Zstandard zstd library. A race condition exists in the one-pass compression functions of Zstandard versions prior to...

8.1CVSS7.2AI score0.00618EPSS

Exploits0References6

Fedora•added 2026/03/29 1:8 a.m.•5 views

[SECURITY] Fedora 42 Update: rust-tar-0.4.45-1.fc42

A Rust implementation of a TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once...

6.5CVSS5.8AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/29 1:8 a.m.•3 views

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.0-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

6.5CVSS5.8AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/28 12:46 a.m.•7 views

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format VCF and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

8.8CVSS5.9AI score0.0007EPSS

Exploits0

Fedora•added 2026/03/28 12:46 a.m.•3 views

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.0-1.fc43

6.5CVSS5.8AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/28 12:46 a.m.•6 views

[SECURITY] Fedora 43 Update: rust-tar-0.4.45-1.fc43

6.5CVSS5.8AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/28 12:46 a.m.•5 views

[SECURITY] Fedora 43 Update: python-fastar-0.9.0-2.fc43

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a high-performance way to work with compressed and uncompressed tar archives in Python...

6.5CVSS5.9AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/28 12:19 a.m.•4 views

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.0-1.fc44

6.5CVSS5.8AI score0.00019EPSS

Exploits1

Fedora•added 2026/03/28 12:19 a.m.•5 views

[SECURITY] Fedora 44 Update: rust-tar-0.4.45-1.fc44

6.5CVSS5.8AI score0.00019EPSS

Exploits1

OSV•added 2026/03/27 5:45 p.m.•1 views

BIT-NATS-2026-29785 NATS Server panic via malicious compression on leafnode port

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.9AI score0.0014EPSS

Exploits0References4

SUSE CVE•added 2026/03/27 12:25 a.m.•1 views

SUSE CVE-2026-29785

7.5CVSS5.9AI score0.0014EPSS

Exploits0References4

OSV•added 2026/03/26 8:33 p.m.•1 views

GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server

NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server...

7.5CVSS5.9AI score0.0014EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:11 p.m.•2 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00065EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 2:59 p.m.•3 views

CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

9.4CVSS5.9AI score0.00253EPSS

Exploits0References1

Tenable Nessus•added 2026/03/26 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-29785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the...

7.5CVSS6.4AI score0.0014EPSS

Exploits0References3

RedhatCVE•added 2026/03/25 9:16 p.m.•2 views

CVE-2026-29785

A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of...

7.5CVSS5.6AI score0.0014EPSS

Exploits0References6