Lucene search
+L

35 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.8AI score0.01125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:55 p.m.3 views

js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/07 8:29 p.m.26 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.2AI score0.00435EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.14 views

SUSE CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

5.3CVSS5.9AI score0.00374EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 8:10 a.m.2 views

CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

5.3CVSS5.9AI score0.00374EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/26 9:3 p.m.6 views

CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

6.5CVSS5.3AI score0.00434EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/26 8:16 p.m.9 views

CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS6.3AI score0.00519EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers...

7.5CVSS7.5AI score0.01545EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:21 p.m.4 views

CVE-2026-33508

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

8.2CVSS5.7AI score0.00345EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.3 views

SUSE CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

7.5CVSS5.8AI score0.00576EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 8:23 p.m.3 views

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

7.1CVSS5.5AI score0.00225EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/15 8:23 p.m.27 views

CVE-2026-21911 Junos OS Evolved: Flapping management interface causes MAC learning on label-switched interfaces to stop

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon l2cpd of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces LSI to stop while...

7.1CVSS0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

undici 安全漏洞

undici is an open source HTTP/1.1 client for Node.js. A security vulnerability exists in undici versions prior to 7.18.0 and prior to 6.23.0, which stems from an unlimited number of links in an unzip chain, and could lead to high CPU usage and memory over-allocation...

7.5CVSS6.4AI score0.00433EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-27770

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.46 BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.46-S1 BIND...

7.8CVSS5.8AI score0.01545EPSS
Exploits0References124
Snyk
Snyk
added 2025/10/29 9:48 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:The ParseAddress function constructs domain-literal address components through repeated string...

8.7CVSS6.9AI score0.00613EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-7126

Malware in sbrugna...

7.5CVSS7.5AI score0.03172EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/19 9:44 a.m.4 views

CVE-2025-10630 Regex DoS in Grafana Zabbix Plugin

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3CVSS6.3AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.8 views

PT-2025-31160 · Npm · @Eslint/Plugin-Kit

Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

2.3CVSS7.1AI score
Exploits0References4
Amazon
Amazon
added 2024/10/16 12:0 a.m.5 views

Medium: unbound

Issue Overview: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying...

5.3CVSS6.7AI score0.00801EPSS
Exploits0
Rows per page
Query Builder