226 matches found

Vulnrichment
added 2026/05/13 12:19 a.m., 4 views

CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

CVSS 5.3, AI score 5.8, EPSS 0.00063
Exploits: 0, References: 1

UbuntuCve
added 2026/05/09 8:16 p.m., 4 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVSS 7.5, AI score 5.7, EPSS 0.00086
Exploits: 0, References: 8

OSV
added 2026/05/05 8:9 p.m., 1 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

CVSS 7.5, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 4

OSV
added 2026/03/30 10:16 p.m., 1 views

UBUNTU-CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade detects a mismatch via progressive_rfx_quant_cmp_equal but only emits WLog_WARN; execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

CVSS 6.5, AI score 5.9, EPSS 0.00066
Exploits: 0, References: 3

CVE
added 2025/12/03 7:31 p.m., 16 views

CVE-2025-66453

CVE-2025-66453 concerns the Rhino JavaScript engine. The vulnerability occurs when an application passes an attacker-controlled floating-point number into the toFixed() function, which can cause high CPU usage and potentially lead to a Denial of Service. Affected versions are prior to 1.8.1, 1.7.15....

CVSS 7.5, AI score 6.3, EPSS 0.00115
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 6 views

TencentOS Server 3: python27 (TSSA-2023:0113)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5, AI score 6.9, EPSS 0.0013
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/13 12:0 a.m., 4 views

Siemens SIMATIC S7-1500 Inefficient Algorithmic Complexity (CVE-2022-45061)

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5, AI score 6.9, EPSS 0.0013
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-13008

Malware in sbrugna...

CVSS 6.8, AI score 6.5, EPSS 0.0111
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-38073

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.6, EPSS 0.00041
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-47983

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.2, EPSS 0.0013
Exploits: 1, References: 38

Cvelist
added 2025/09/05 9:59 p.m., 6 views

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVSS 5.3, EPSS 0.00207
Exploits: 0, References: 7

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-9367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an...

CVSS 4.3, AI score 5.5, EPSS 0.00108
Exploits: 1, References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 8 views

TencentOS Server 3: python3 (TSSA-2023:0019)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0019 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8, AI score 6.9, EPSS 0.01395
Exploits: 2, References: 5

SUSE CVE
added 2024/12/20 4:18 a.m., 1 views

SUSE CVE-2024-12401

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manag...

CVSS 4.4, AI score 9.1, EPSS 0.00053
Exploits: 0, References: 3

OSV
added 2024/12/12 9:31 a.m., 1 views

GHSA-GHW8-3XQW-HHCJ Duplicate Advisory: cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4pg-vg54-wxx4. This link is maintained to preserve external references. Original Description A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the...

CVSS 4.4, AI score 4.5, EPSS 0.00053
Exploits: 0, References: 10

OSV
added 2024/10/04 4:38 p.m., 46 views

BIT-PYTHON-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5, AI score 7.8, EPSS 0.0013
Exploits: 1, References: 38

IBM Security Bulletins
added 2024/08/08 3:5 p.m., 29 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python ( CVE-2022-45061 )

Summary Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details CVEID: CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm that exists in one path when processing some inputs to the IDNA (RFC 3490) decoder. By sendi...

CVSS 7.5, AI score 7.5, EPSS 0.0013
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2024/04/29 12:0 a.m., 29 views

Fedora 40 : pypy (2023-6000e06581)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6000e06581 advisory. Automatic update for pypy-7.3.12-3.fc40. Changelog Tue Aug 29 2023 Charalampos Stratakis - 7.3.12-3 - Security fix for CVE-2022-45061 - Fixes: rhbz2144428...

CVSS 7.5, AI score 7, EPSS 0.0013
Exploits: 1, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 37 views

Fedora 37 : pypy3.9 (2023-af5206f71d)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af5206f71d advisory. Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html Security fix for CVE-2022-37454, CVE-2022-45061, CVE-2022-42919. Tenable h...

CVSS 9.8, AI score 7.1, EPSS 0.014
Exploits: 2, References: 4

Tenable Nessus
added 2024/04/29 12:0 a.m., 27 views

Fedora 37 : python2.7 (2023-a990c93ed0)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a990c93ed0 advisory. Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder Tenable has extracted the preceding description block directly from the...

CVSS 7.5, AI score 7, EPSS 0.0013
Exploits: 1, References: 2