Lucene search
K

20577 matches found

Veracode
Veracode
added 2026/04/13 12:10 p.m.6 views

Denial Of Service

React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...

7.5CVSS7.2AI score0.01551EPSS
Exploits4References8Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.8 views

FreeBSD : Python -- configparser vulnerable to excessive CPU use (5ec4dcf6-3588-11f1-b51c-6dd25bec137b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ec4dcf6-3588-11f1-b51c-6dd25bec137b advisory. Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32565

Name of the Vulnerable Software and Affected Versions jq versions prior to commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784 Description The software used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations. This allows an attacker to precompute...

7.8CVSS5.1AI score0.00366EPSS
Exploits1References95
The Hacker News
The Hacker News
added 2026/04/12 5:54 a.m.8 views

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID "cpuid.com", a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/11 5:0 a.m.282 views

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

7.5CVSS5.9AI score0.01551EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/04/10 7:56 p.m.6 views

CVE-2026-23869

A flaw was found in react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack. Specially crafted HTTP requests to server function endpoints can result in an excessive consumption of CPU resources for up to a minute, causing an error that is catchable. Mitigation Red Hat has...

7.5CVSS5.7AI score0.01551EPSS
Exploits4References4
NVD
NVD
added 2026/04/10 5:17 p.m.4 views

CVE-2026-35599

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...

6.5CVSS0.00347EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 3:35 p.m.5 views

EUVD-2026-20584

React Server Components have a Denial of Service Vulnerability...

7.5CVSS5.8AI score0.01551EPSS
Exploits4References3
OSV
OSV
added 2026/04/10 3:34 p.m.3 views

GHSA-R4FG-73RC-HHH7 Vikunja has Algorithmic Complexity DoS in Repeating Task Handler

Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...

6.5CVSS5.8AI score0.00347EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/04/10 11:36 a.m.4 views

Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2026/04/10 6:34 a.m.230 views

Exploit for CVE-2026-23869

CVE-2026-23869 - Proof of Concept PoC Description This...

7.5CVSS5.9AI score0.01551EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:1230-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1230-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the...

7.5CVSS5.9AI score0.01545EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/09 4:41 p.m.12 views

fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification

⚠️ IMPORTANT CLARIFICATIONS Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects not strings in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options - Configure patterns susceptible to catastrophic backtracking - Example: allowedAud...

6.5CVSS6AI score0.00262EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/04/09 2:55 p.m.16 views

CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

4.2CVSS0.00262EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/09 2:55 p.m.1 views

CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification

fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

4.2CVSS5.9AI score0.00262EPSS
Exploits1References4
CVE
CVE
added 2026/04/09 2:55 p.m.11 views

CVE-2026-35041

The CVE affects fast-jwt versions 5.0.0 through 6.2.0 where allowedAud verification uses a RegExp. The attacker-controlled aud claim, when matched against the provided RegExp, can trigger catastrophic backtracking in the JavaScript engine, causing CPU exhaustion during token verification. This vu...

6.5CVSS5.9AI score0.00262EPSS
Exploits1References4Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/09 8:58 a.m.8 views

Security update for bind

This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS7.3AI score0.01545EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 8:58 a.m.3 views

SUSE-SU-2026:1229-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...

7.5CVSS7.3AI score0.01545EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 8:16 p.m.5 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS0.01551EPSS
Exploits4References4
Cvelist
Cvelist
added 2026/04/08 7:11 p.m.19 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS0.01551EPSS
Exploits4References1
Rows per page
Query Builder