Lucene search
K

264 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits1References5
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits1References5
CVE
CVE
added 6 days ago10 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0035EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/24 1:12 p.m.5 views

OESA-2026-2722 dovecot security update

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. Security Fixes: Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRA...

7.5CVSS5.8AI score0.00454EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/06/09 12:52 p.m.9 views

Security update for 389-ds

This update for 389-ds fixes the following issue CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changes for 389-ds: Update to version 2.0.20git90.9f70d434e. Patch Instructions: To...

8.7CVSS5.4AI score0.00815EPSS
Exploits0References4
NVD
NVD
added 2026/06/03 4:16 p.m.21 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS0.00492EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.15 views

CVE-2026-40016

A flaw was found in Dovecot. A remote or local attacker could upload a malicious Sieve script through the ManageSieve service, or locally, to bypass configured CPU time limits for Sieve scripts. This allows the attacker to consume excessive server resources, leading to a degradation of server...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configure...

6.5CVSS5.9AI score0.00338EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.17 views

SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 p.m.36 views

EUVD-2026-29470

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.10 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.6 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 1:28 p.m.24 views

CVE-2026-40016

CVE-2026-40016: An attacker can upload a malicious Sieve script via ManageSieve (or local access) to bypass CPU time limits, potentially increasing allowed run time up to 130× the configured limit and degrading server performance. Affected component is the Sieve execution/ManageSieve handling; ro...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/05/12 1:28 p.m.33 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS0.00338EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.16 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001216)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001216 advisory. The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or...

7.8CVSS7.1AI score0.00402EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003357 advisory. The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or...

7.8CVSS7.1AI score0.00402EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/01/05 11:13 p.m.9 views

AIOHTTP vulnerable to DoS through chunked messages

Summary Handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. Impact If an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU...

8.7CVSS6.7AI score0.00338EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1284

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01212EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44082

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00333EPSS
Exploits0References11
Rows per page
Query Builder