Lucene search
K

232 matches found

Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score
Exploits0References7
CVE
CVE
added yesterday50 views

CVE-2026-15308

The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...

8.7CVSS5.9AI score
Exploits0References8
NVD
NVD
added 2 days ago9 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.00301EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.7 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/06/26 6:0 p.m.4 views

python27:2.7 security update

An update is available for python-backports-sslmatchhostname, python-ipaddress, python-markupsafe, module.python-chardet, module.python-pytest-mock, module.python-docs, python-pysocks, python-docutils, python-nose, module.python-markupsafe, module.python-dns, module.python-setuptoolsscm,...

7.5CVSS6.8AI score0.02453EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:19 a.m.8 views

CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/09 8:16 p.m.10 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References8
OSV
OSV
added 2026/05/05 8:9 p.m.4 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
OSV
OSV
added 2026/03/30 10:16 p.m.9 views

UBUNTU-CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

7.5CVSS5.9AI score0.00426EPSS
Exploits0References3
CVE
CVE
added 2025/12/03 7:31 p.m.96 views

CVE-2025-66453

CVE-2025-66453 — Rhino (JavaScript engine) : Multiple IBM/IBM-linked advisories confirm Rhino, used in products such as MongoDB Enterprise Advanced (IBM), FileNet Content Manager, IBM Maximo MAS, and IBM webMethods BPM, is affected. Prior to Rhino versions 1.8.1, 1.7.15.1, and 1.7.14.1, passing a...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.6 views

TencentOS Server 3: python27 (TSSA-2023:0113)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Inefficient Algorithmic Complexity (CVE-2022-45061)

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-13008

Malware in sbrugna...

6.8CVSS6.5AI score0.02907EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-38073

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00927EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-47983

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.02453EPSS
Exploits1References38
Cvelist
Cvelist
added 2025/09/05 9:59 p.m.53 views

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

5.3CVSS0.00398EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-9367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an...

4.3CVSS5.5AI score0.00475EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.14 views

TencentOS Server 3: python3 (TSSA-2023:0019)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0019 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8CVSS6.9AI score0.07017EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2024/12/20 4:18 a.m.3 views

SUSE CVE-2024-12401

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service DoS vector for the cert-manag...

4.4CVSS9.1AI score0.00645EPSS
Exploits0References3
Rows per page
Query Builder