Lucene search
+L

3863 matches found

redhat
redhat
added 2026/07/02 11:34 p.m.3 views

github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

6.5CVSS6.1AI score0.00295EPSS
Exploits0References7
ubuntu
ubuntu
added 2026/07/02 10:4 p.m.8 views

USN-8503-1: ncurses vulnerability

It was discovered that ncurses incorrectly handled certain terminfo entries in the infocmp tool. An attacker could possibly use this issue to cause a denial of service via a crafted terminfo file. The default compiler options for affected releases should reduce the vulnerability to a denial of...

9.8CVSS6AI score0.00414EPSS
Exploits1
osv
osv
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14401

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0References1
redhat
redhat
added 2026/07/01 6:55 p.m.2 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.4AI score0.00358EPSS
Exploits1References7
osv
osv
added 2026/07/01 5:49 p.m.3 views

GHSA-RJ4C-R689-CM87 Open Babel has out-of-bounds write in ORCA nAtoms parser

Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the nAtoms handling of the ORCA reader. A malformed input caused the parser to write past the end of its destination buffer. Impact Open Babe...

7.8CVSS7.1AI score0.00816EPSS
Exploits1References6
osv
osv
added 2026/07/01 5:48 p.m.3 views

GHSA-8QXC-57HF-HC9J Open Babel has uninitialized pointer dereference in PQS pFormat

Summary A memory-safety vulnerability in Open Babel's PQS parser caused an uninitialized pointer dereference when reading a crafted input file. Details The flaw was in the pFormat handling of the PQS reader. A malformed input caused the parser to dereference a format pointer that had never been...

7.8CVSS5.7AI score0.00843EPSS
Exploits1References6
osv
osv
added 2026/07/01 5:41 p.m.4 views

GHSA-55J6-RJHX-HWFH Open Babel has NULL pointer dereference in CACAO CacaoFormat::SetHilderbrandt

Summary A memory-safety vulnerability in Open Babel's CACAO parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in CacaoFormat::SetHilderbrandt. A malformed input caused the parser to dereference a NULL pointer while applying the Hilderbrandt...

5.5CVSS5.8AI score0.00188EPSS
Exploits1References9
osv
osv
added 2026/07/01 5:39 p.m.3 views

GHSA-8WQ6-QH76-WPV9 Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies

Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a heap buffer overflow when reading a crafted input file. Details The flaw was in ChemKinFormat::CheckSpecies. A malformed species record caused the parser to write past the end of a heap-allocated buffer. Impact Open Bab...

7.8CVSS6.5AI score0.00224EPSS
Exploits1References8
euvd
euvd
added 2026/07/01 5:21 p.m.9 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score0.00201EPSS
Exploits0References1
nessus
nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References4
osv
osv
added 2026/06/30 6:47 p.m.5 views

GHSA-4W5W-4FHM-Q483 Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge

Summary A memory-safety vulnerability in Open Babel's MOL2 file format parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in OBAtom::SetFormalCharge as called from the MOL2 parser. A malformed atom record caused the parser to call the method on a NULL...

5.5CVSS6.1AI score0.007EPSS
Exploits1References10
osv
osv
added 2026/06/30 10:16 a.m.13 views

UBUNTU-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References4
nvd
nvd
added 2026/06/30 9:16 a.m.11 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
osv
osv
added 2026/06/30 9:16 a.m.4 views

UBUNTU-CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5
osv
osv
added 2026/06/30 9:15 a.m.3 views

SUSE-SU-2026:2697-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...

7.8CVSS6.2AI score0.00296EPSS
Exploits2References13
osv
osv
added 2026/06/30 9:4 a.m.4 views

SUSE-SU-2026:2693-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598:...

9.1CVSS6.7AI score0.00651EPSS
Exploits0References8
cvelist
cvelist
added 2026/06/30 8:30 a.m.39 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/30 8:30 a.m.5 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References3
cve
cve
added 2026/06/30 8:30 a.m.80 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 8:5 a.m.30 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
Rows per page
Query Builder