20542 matches found
FreeBSD : Python -- configparser vulnerable to excessive CPU use (5ec4dcf6-3588-11f1-b51c-6dd25bec137b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ec4dcf6-3588-11f1-b51c-6dd25bec137b advisory. Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic...
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID "cpuid.com", a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident...
Exploit for CVE-2026-23869
⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...
CVE-2026-23869
A flaw was found in react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack. Specially crafted HTTP requests to server function endpoints can result in an excessive consumption of CPU resources for up to a minute, causing an error that is catchable. Mitigation Red Hat has...
CVE-2026-35599
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far ...
EUVD-2026-20584
React Server Components have a Denial of Service Vulnerability...
GHSA-R4FG-73RC-HHH7 Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
Security update for cockpit-machines
This update for cockpit-machines fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...
Exploit for CVE-2026-23869
CVE-2026-23869 - Proof of Concept PoC Description This...
SUSE SLES15 Security Update : bind (SUSE-SU-2026:1230-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1230-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the...
fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
⚠️ IMPORTANT CLARIFICATIONS Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects not strings in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options - Configure patterns susceptible to catastrophic backtracking - Example: allowedAud...
CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification
fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...
CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification
fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...
CVE-2026-35041
The CVE affects fast-jwt versions 5.0.0 through 6.2.0 where allowedAud verification uses a RegExp. The attacker-controlled aud claim, when matched against the provided RegExp, can trigger catastrophic backtracking in the JavaScript engine, causing CPU exhaustion during token verification. This vu...
Security update for bind
This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:1229-1 Security update for bind
This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...