Lucene search
K

20678 matches found

Wolfi
Wolfi
added 3 days ago12 views

GHSA-QCQ2-496W-V96P vulnerabilities

Vulnerabilities for packages: jupyter-base-notebook, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...

6.1AI score
Exploits0
NVD
NVD
added 4 days ago6 views

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
Chainguard
Chainguard
added 4 days ago7 views

GHSA-QCQ2-496W-V96P vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, jupyter-base-notebook, kubeflow-pipelines-visualization-server...

6.1AI score
Exploits0
Chainguard
Chainguard
added 4 days ago10 views

CVE-2026-49851 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, jupyter-base-notebook, kubeflow-pipelines-visualization-server...

8.7CVSS7AI score0.0035EPSS
Exploits0
NVD
NVD
added 4 days ago9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago3 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.6AI score0.00259EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

decode-uri-component: decode-uri-component: Denial of Service via crafted input

A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57332

Name of the Vulnerable Software and Affected Versions Phalcon versions prior to 5.15.0 Description In Phalcon MVC applications using a default router, the CLI router, or the /:params placeholder, a built-in route is registered with a compiled PCRE Perl Compatible Regular Expressions pattern...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-15308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontroll...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-33803

CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....

6.9CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score0.0025EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 days ago7 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References7
CVE
CVE
added 5 days ago162 views

CVE-2026-15308

The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 5 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score
Exploits0References2
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS6AI score0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56776

Name of the Vulnerable Software and Affected Versions GNU patch affected versions not specified Description Improper validation of hunk line offsets in unified-diff input allows a denial of service DoS. A hunk is a single block of changes within a diff file. By supplying a specially crafted patch...

5.5CVSS6AI score0.00125EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-59870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addIte...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Rows per page
Query Builder