Lucene search
+L

236 matches found

redhat
redhat
added yesterday4 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References2
redhat
redhat
added 2 days ago7 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
nessus
nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-15308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontroll...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References3
osv
osv
added last week4 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References11
vulnrichment
vulnrichment
added last week7 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References7
cve
cve
added last week207 views

CVE-2026-15308

The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2026/07/08 4:16 p.m.10 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.0037EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
rocky
rocky
added 2026/06/26 6:0 p.m.5 views

python27:2.7 security update

An update is available for python-backports-sslmatchhostname, python-ipaddress, python-markupsafe, module.python-chardet, module.python-pytest-mock, module.python-docs, python-pysocks, python-docutils, python-nose, module.python-markupsafe, module.python-dns, module.python-setuptoolsscm,...

7.5CVSS6.8AI score0.02453EPSS
Exploits1
nessus
nessus
added 2026/06/16 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/13 12:19 a.m.8 views

CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/05/09 8:16 p.m.10 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References8
osv
osv
added 2026/05/05 8:9 p.m.5 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
osv
osv
added 2026/03/30 10:16 p.m.11 views

UBUNTU-CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

7.5CVSS5.9AI score0.00426EPSS
Exploits0References3
cve
cve
added 2025/12/03 7:31 p.m.101 views

CVE-2025-66453

CVE-2025-66453 — Rhino (JavaScript engine) : Multiple IBM/IBM-linked advisories confirm Rhino, used in products such as MongoDB Enterprise Advanced (IBM), FileNet Content Manager, IBM Maximo MAS, and IBM webMethods BPM, is affected. Prior to Rhino versions 1.8.1, 1.7.15.1, and 1.7.14.1, passing a...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2025/11/20 12:0 a.m.6 views

TencentOS Server 3: python27 (TSSA-2023:0113)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References2
nessus
nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Inefficient Algorithmic Complexity (CVE-2022-45061)

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-13008

Malware in sbrugna...

6.8CVSS6.5AI score0.02907EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-38073

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00927EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-47983

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.02453EPSS
Exploits1References38
Rows per page
Query Builder