20561 matches found

CVE
added 2026/04/08 7:11 p.m. | 156 views

CVE-2026-23869

The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...

CVSS 7.5 | AI score 5.9 | EPSS 0.01551
Exploits: 3 | References: 4

Cvelist
added 2026/04/08 7:11 p.m. | 18 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVSS 7.5 | EPSS 0.01551
Exploits: 3 | References: 1

Vulnrichment
added 2026/04/08 7:11 p.m. | 6 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVSS 7.5 | AI score 5.9 | EPSS 0.01551
Exploits: 3 | References: 1

RedHat Linux
added 2026/04/08 1:58 p.m. | 4 views

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

CVSS 9.2 | AI score 5.9 | EPSS 0.00481
Exploits: 0 | References: 5

OSV
added 2026/04/08 7:12 a.m. | 2 views

SUSE-SU-2026:1209-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...

CVSS 7.5 | AI score 5.8 | EPSS 0.01545
Exploits: 0 | References: 3

OSV
added 2026/04/08 2:49 a.m. | 3 views

MGASA-2026-0090 Updated python-pygments packages fix security vulnerability

A security flaw in Pygments function AdlLexer in archetype.py stems from a regular expression having an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. CVE-2026-4539...

CVSS 4.8 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes...

CVSS 7.5 | AI score 5.5 | EPSS 0.00383
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/08 12:0 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006597 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was...

CVSS 7.8 | AI score 6.4 | EPSS 0.00144
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/08 12:0 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006809 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change whe...

CVSS 5.5 | AI score 6.6 | EPSS 0.00271
Exploits: 0 | References: 4

OSV
added 2026/04/07 10:16 p.m. | 6 views

DEBIAN-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVSS 7.5 | AI score 5.3 | EPSS 0.00383
Exploits: 0 | References: 1

OSV
added 2026/04/07 10:16 p.m. | 5 views

UBUNTU-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00383
Exploits: 0 | References: 5

Snyk
added 2026/04/07 10:12 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

CVSS 8.7 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/07 9:32 p.m. | 4 views

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVSS 6.2 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 3

Cvelist
added 2026/04/07 9:32 p.m. | 16 views

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVSS 6.2 | EPSS 0.00383
Exploits: 0 | References: 3

CVE
added 2026/04/07 9:32 p.m. | 20 views

CVE-2026-35406

Affected software: aardvark-dns (authoritative DNS server for A/AAAA container records). Vulnerable versions: 1.16.0 through 1.17.0. Root cause: a truncated TCP DNS query followed by a connection reset can cause the process to enter an unrecoverable infinite error loop, consuming 100% CPU. Impact...

CVSS 7.5 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/04/07 9:17 p.m. | 1 views

DEBIAN-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVSS 7.5 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 1

NVD
added 2026/04/07 9:17 p.m. | 8 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVSS 7.5 | EPSS 0.00435
Exploits: 1 | References: 5

Debian CVE
added 2026/04/07 8:29 p.m. | 8 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVSS 7.5 | AI score 5.2 | EPSS 0.00435
Exploits: 1

CVE
added 2026/04/07 8:29 p.m. | 43 views

CVE-2026-29181

OpenTelemetry-Go (Go implementation) has a vulnerability in multi-value baggage header extraction: from versions 1.36.0 through 1.40.0, parsing each header field-value independently causes aggregation of members across values, enabling an attacker to trigger excessive CPU and memory allocations a...

CVSS 7.5 | AI score 5.9 | EPSS 0.00435
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/04/07 8:29 p.m. | 4 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

CVSS 7.5 | AI score 5.9 | EPSS 0.00435
Exploits: 1 | References: 2 | Affected Software: 1