Lucene search
K

1820 matches found

Github Security Blog
Github Security Blog
added 2026/03/20 8:43 p.m.11 views

Vikunja Affected by DoS via Image Preview Generation

Summary - Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage -...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/19 7:16 p.m.4 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/17 8:58 p.m.5 views

GO-2026-4526 Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

7.5CVSS5.8AI score0.00519EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1363)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

7.5CVSS5.9AI score0.00626EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.3 views

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2026-1591)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

8.9CVSS6.5AI score0.00622EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 6:16 p.m.5 views

CVE-2025-69646

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debugrnglists data. A logic error in the handling of the debugrnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...

5.5CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

SUSE SLES12 Security Update : python (SUSE-SU-2026:0802-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0802-1 advisory. - CVE-2024-7592: excess CPU resource consumption in http.cookies module bsc1229596 Tenable has extracted the preceding description block directly from...

7.5CVSS5.8AI score0.02303EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/03/05 9:44 a.m.6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/03/05 8:23 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005593 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...

8.9CVSS6AI score0.00622EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/03 1:18 p.m.5 views

Security update for python

This update for python fixes the following issue: CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module bsc1229596. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

2.6CVSS5.9AI score0.02303EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/02/25 11:30 a.m.9 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

10CVSS6.7AI score0.01945EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2026/02/24 6:36 a.m.5 views

CVE-2026-26283

A flaw was found in ImageMagick. An attacker can exploit this vulnerability by providing a specially crafted image. This crafted image can trigger an infinite loop within the JPEG encoder, causing the software to consume 100% of the CPU and become unresponsive. This leads to a Denial of Service...

7.5CVSS5.4AI score0.00327EPSS
Exploits0References4
OSV
OSV
added 2026/02/18 4:16 a.m.4 views

AZL-78024 CVE-2026-27171 affecting package openjpeg2 2.3.1-12

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

5.5CVSS5.7AI score0.00204EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/02/16 9:33 p.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/16 11:40 a.m.11 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/16 11:34 a.m.9 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/16 10:32 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
OSV
OSV
added 2026/02/13 1:15 p.m.6 views

OESA-2026-1347 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/12 10:16 p.m.6 views

CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References4
Rows per page
Query Builder