Lucene search
K

20568 matches found

Github Security Blog
Github Security Blog
added 2026/04/02 8:30 p.m.6 views

Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters

Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

8.7CVSS6AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 6:19 p.m.4 views

Inefficient Algorithmic Complexity

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

8.7CVSS5.9AI score0.00475EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 6:16 p.m.3 views

UBUNTU-CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/02 10:59 a.m.9 views

mysql: Optimizer unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5CVSS7AI score0.00257EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/04/02 12:1 a.m.11 views

mysql:8.4 security update

An update is available for mecab-ipadic, module.mecab-ipadic, module.mysql, module.mecab, mysql, mecab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is ...

6.5CVSS6AI score0.00337EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/01 7:15 p.m.3 views

CVE-2026-34043

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

5.9CVSS5.8AI score0.00472EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 10:11 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3

Summary The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling. CVE-2025-66471 and CVE-2026-21441 both rela...

8.9CVSS6.9AI score0.02667EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: bind

Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Important: bind

Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.11 views

Amazon Linux 2 : bind, --advisory ALAS2-2026-3226 (ALAS-2026-3226)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3226 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1533)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1533 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there...

7.5CVSS7.4AI score0.01545EPSS
Exploits0References4
Mageia
Mageia
added 2026/03/31 11:5 p.m.10 views

Updated zlib packages fix security vulnerability

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...

5.5CVSS5.8AI score0.00204EPSS
Exploits1References4
OSV
OSV
added 2026/03/31 11:5 p.m.6 views

MGASA-2026-0076 Updated zlib packages fix security vulnerability

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...

5.5CVSS5.8AI score0.00204EPSS
Exploits1References5
OSV
OSV
added 2026/03/31 3:15 a.m.2 views

DEBIAN-CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

7.5CVSS5.3AI score0.00472EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/31 3:15 a.m.8 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 1:48 a.m.3 views

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

5.9CVSS5.8AI score0.00472EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 1:48 a.m.60 views

CVE-2026-34043

CVE-2026-34043 affects the Node.js module serialize-javascript. The vulnerability causes a DoS via CPU exhaustion when serializing a specially crafted array-like object with a very large length, leading to a 100% CPU loop and hang. This is fixed in version 7.0.5; affected deployments should upgra...

7.5CVSS5.8AI score0.00472EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 1:48 a.m.5 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

7.5CVSS5.3AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/03/30 10:16 p.m.8 views

UBUNTU-CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

7.5CVSS5.9AI score0.00426EPSS
Exploits0References3
Rows per page
Query Builder