
1820 matches found

RedhatCVE
added 2026/06/03 4:2 p.m., 9 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00319
Exploits: 1 | References: 1
OSV
added 2026/06/02 11:16 p.m., 6 views

DEBIAN-CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

CVSS 7.5 | AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/02 10:1 p.m., 8 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/06/02 10:1 p.m., 81 views

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

CVSS 7.5 | AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 4
Debian CVE
added 2026/06/02 10:1 p.m., 9 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

CVSS 7.5 | AI score 5.8 | EPSS 0.0056
Exploits: 0
Snyk
added 2026/06/02 9:39 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: std/mime is a Go standard library package std/mime. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

CVSS 8.7 | AI score 5.4 | EPSS 0.0056
Exploits: 0 | References: 3
NVD
added 2026/06/02 4:16 p.m., 12 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

CVSS 7.5 | EPSS 0.00319
Exploits: 1 | References: 2
ATTACKERKB
added 2026/06/02 3:24 p.m., 9 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00319
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/06/02 3:24 p.m., 16 views

CVE-2026-45680

CVE-2026-45680 affects OpenTelemetry eBPF Instrumentation (OBI) prior to version 0.9.0. The root cause is an unbounded delta in calculateStats(), where bp.runCount − bp.prevRunCount is used without a cap, causing the exporter to loop over probe hits for large run-count deltas. This can lead to hi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00319
Exploits: 1 | References: 2 | Affected Software: 1
SUSE CVE
added 2026/06/02 1:42 a.m., 16 views

SUSE CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 7.5 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 12
Github Security Blog
added 2026/05/29 8:2 p.m., 22 views

Nerdbank.MessagePack has Inefficient CPU Computation

Impact: Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit an O(n²) algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1
Rockylinux
added 2026/05/29 6:0 p.m., 14 views

stunnel bug fix update

An update is available for stunnel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Stunnel is a wrapper for network connections. It can be used to tunnel an...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/05/29 12:22 p.m., 14 views

CVE-2026-32936

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...

CVSS 8.7 | AI score 5.6 | EPSS 0.00672
Exploits: 1 | References: 5
Cvelist
added 2026/05/28 7:42 p.m., 32 views

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

CVSS 6.5 | EPSS 0.00296
Exploits: 0 | References: 1
Snyk
added 2026/05/28 6:24 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the W3CBaggagePropagator function. An attacker can cause excessive memory allocation and CPU consumption by sending oversized baggage data, which is automatically re-injected into...

CVSS 8.7 | AI score 5.3 | EPSS 0.00686
Exploits: 0 | References: 2
NVD
added 2026/05/28 5:16 p.m., 17 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

CVSS 7.5 | EPSS 0.00686
Exploits: 0 | References: 8
ATTACKERKB
added 2026/05/28 4:37 p.m., 11 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

CVSS 5.3 | AI score 5.8 | EPSS 0.00686
Exploits: 0 | References: 5 | Affected Software: 3
OSV
added 2026/05/26 7:16 a.m., 6 views

DEBIAN-CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

CVSS 8.7 | AI score 7.1 | EPSS 0.00346
Exploits: 0 | References: 1
EUVD
added 2026/05/26 5:0 a.m., 13 views

EUVD-2026-31793

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 3
CVE
added 2026/05/26 5:0 a.m., 75 views

CVE-2026-9496

CVE-2026-9496 affects the npm package pacote

CVSS 8.7 | AI score 7.1 | EPSS 0.00346
Exploits: 0 | References: 4