20678 matches found
GHSA-QCQ2-496W-V96P vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
CVE-2026-57584
Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...
GHSA-QCQ2-496W-V96P vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, jupyter-base-notebook, kubeflow-pipelines-visualization-server...
CVE-2026-49851 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, jupyter-base-notebook, kubeflow-pipelines-visualization-server...
CVE-2026-59161
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
js-yaml: js-yaml: Denial of Service via crafted YAML merge keys
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...
decode-uri-component: decode-uri-component: Denial of Service via crafted input
A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...
PT-2026-57332
Name of the Vulnerable Software and Affected Versions Phalcon versions prior to 5.15.0 Description In Phalcon MVC applications using a default router, the CLI router, or the /:params placeholder, a built-in route is registered with a compiled PCRE Perl Compatible Regular Expressions pattern...
Linux Distros Unpatched Vulnerability : CVE-2026-15308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontroll...
CVE-2026-33803
CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....
CVE-2026-12590
A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308
The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
Regular Expression Denial of Service (ReDoS)
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...
DEBIAN-CVE-2026-56289
GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...
PT-2026-56776
Name of the Vulnerable Software and Affected Versions GNU patch affected versions not specified Description Improper validation of hunk line offsets in unified-diff input allows a denial of service DoS. A hunk is a single block of changes within a diff file. By supplying a specially crafted patch...
Linux Distros Unpatched Vulnerability : CVE-2026-59870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addIte...
Linux Distros Unpatched Vulnerability : CVE-2026-59928
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link...
Linux Distros Unpatched Vulnerability : CVE-2026-59922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character...