Lucene search

1820 matches found

EUVD
added 2026/05/11 2:50 p.m. | 41 views

EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

CVSS 7.5 | AI score 5.8 | EPSS 0.01533
Exploits 1 | References 4

Tenable Nessus
added 2026/05/11 12:0 a.m. | 10 views

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017755 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Tenable ha...

CVSS 7.8 | AI score 6.9 | EPSS 0.53861
Exploits 1 | References 4

NVD
added 2026/05/09 6:16 a.m. | 17 views

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVSS 5.5 | EPSS 0.00126
Exploits 0 | References 4

UbuntuCve
added 2026/05/09 6:16 a.m. | 8 views

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVSS 5.5 | AI score 5.7 | EPSS 0.00126
Exploits 0 | References 4

Tenable Nessus
added 2026/05/09 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016815 advisory. The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this c...

CVSS 5.3 | AI score 5.8 | EPSS 0.00526
Exploits 0 | References 4

Tenable Nessus
added 2026/05/09 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang...

CVSS 5.5 | AI score 7 | EPSS 0.00126
Exploits 0 | References 3

Microsoft CVE
added 2026/05/07 8:2 a.m. | 8 views

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

CVSS 8.7 | AI score 5.8 | EPSS 0.00672
Exploits 1

NVD
added 2026/05/05 8:16 p.m. | 9 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | EPSS 0.00672
Exploits 1 | References 2

EUVD
added 2026/05/05 7:7 p.m. | 7 views

EUVD-2026-27442

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | AI score 5.7 | EPSS 0.00672
Exploits 1 | References 2

Cvelist
added 2026/05/05 7:7 p.m. | 52 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | EPSS 0.00672
Exploits 1 | References 2

RedHat Linux
added 2026/05/04 11:37 p.m. | 10 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

CVSS 8.7 | AI score 7.3 | EPSS 0.01125
Exploits 0 | References 5

Tenable Nessus
added 2026/05/04 12:0 a.m. | 11 views

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01386
Exploits 0 | References 6

Tenable Nessus
added 2026/05/04 12:0 a.m. | 10 views

RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01386
Exploits 0 | References 6

Tenable Nessus
added 2026/05/02 12:0 a.m. | 5 views

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2026:1641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1641-1 advisory. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032:...

CVSS 7.5 | AI score 5.8 | EPSS 0.0079
Exploits 5 | References 22

RedHat Linux
added 2026/04/29 11:27 a.m. | 11 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

CVSS 7.5 | AI score 4.8 | EPSS 0.00426
Exploits 0 | References 6

Positive Technologies
added 2026/04/29 12:0 a.m. | 7 views

PT-2026-36036

NEW THREAT INTEL: Qinglong Auth Bypass Chain to RCE - CVE-2026-3965 + CVE-2026-4047 CVSS 9.3 chained for unauth RCE on Qinglong = 2.20.1, dropping .fullgc cryptominer. 9 detections, 20 IOCs. https://t.co/dXJBNXiie3 ThreatIntel CyberSecurity RCE CVE https://t.co/PmenIBo9jX...

CVSS 6.5 | AI score 6.8 | EPSS 0.00441
Exploits 0 | References 4

Github Security Blog
added 2026/04/28 10:43 p.m. | 10 views

CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary: CoreDNS's DNS-over-HTTPS (DoH) GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

CVSS 8.7 | AI score 5.5 | EPSS 0.00672
Exploits 1 | References 4 | Affected Software 1

SUSE Linux
added 2026/04/28 11:53 a.m. | 4 views

Security update for dovecot22

This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. CVE-2026-27855: OTP drive...

CVSS 9.1 | AI score 5.3 | EPSS 0.0079
Exploits 5 | References 28

OSV
added 2026/04/28 11:53 a.m. | 10 views

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

CVSS 7.5 | AI score 5.4 | EPSS 0.0079
Exploits 5 | References 15

RedHat Linux
added 2026/04/28 7:54 a.m. | 6 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00426
Exploits 0 | References 6