Lucene search
K

3790 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2 days ago10 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
OSV
OSV
added 2 days ago2 views

SUSE-SU-2026:2693-1 Security update for podman

This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598:...

9.1CVSS6.7AI score0.00651EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40267

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3
CVE
CVE
added 2 days ago11 views

CVE-2026-45822

CVE-2026-45822 – decode-uri-component : The connected records specify that the npm package decode-uri-component (versions up to 0.4.1) is vulnerable. The vulnerability lies in the decode() function, which splits input on '%' and then calls decodeComponents(), producing super-linear parsing time. ...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS5.9AI score0.00188EPSS
Exploits0References2Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-38639

An issue in the parsemonth function /time/strptime.rs of relibc commit ab6a2e allows attackers to cause a Denial of Service DoS via parsing a crafted input...

7.5CVSS0.00446EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-56132

A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly...

6.9CVSS6.2AI score0.00088EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-57918

CVE-2026-57918 affects libnfs up to version 6.0.2 prior to the patch referenced by commit IDs f0b109d (NVD entry) / 935b8db (CVE record). The vulnerability is an xid integer underflow in READ_IOVEC within rpc_read_from_socket when a crafted NFS server causes the expected PDU size to exceed the ab...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago22 views

CVE-2026-38639

An issue in the parsemonth function /time/strptime.rs of relibc commit ab6a2e allows attackers to cause a Denial of Service DoS via parsing a crafted input...

0.00446EPSS
Exploits0References4
CVE
CVE
added 6 days ago8 views

CVE-2026-38639

CVE-2026-38639 affects relibc. The issue is in the parse_month function (path /time/strptime.rs) within commit ab6a2e and allows an attacker to trigger a Denial of Service by parsing a crafted input. The available sources confirm the vulnerability location and impact but do not provide exploitati...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago20 views

PT-2026-52968

Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/25 6:37 p.m.5 views

CVE-2026-49851

A flaw was found in Mistune, a Python Markdown parser. A remote attacker can exploit this vulnerability by providing a specially crafted Markdown input containing many consecutive bracket characters. This can lead to excessive CPU usage, causing a denial-of-service DoS condition on the affected...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 5:24 a.m.9 views

CVE-2026-12244

NSD (the DNS server) is affected when configured as a secondary for a zone. A primary can crash NSD by sending an AXFR containing a DNS message with a specially crafted SVCB RR whose rdata size is 65512, which causes an (uint16_t) length to overflow while allocating space for the RR wrap (total s...

8.8CVSS5.9AI score0.00303EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 4:48 a.m.5 views

EUVD-2026-39180

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2025-210335

A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score0.00579EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52579

Name of the Vulnerable Software and Affected Versions relibc version 61f42d Description A flaw in the pthread rwlockattr setpshared function allows attackers to trigger a Denial of Service DoS by providing crafted input. Recommendations As a temporary workaround, consider restricting the use of t...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References6
Rows per page
Query Builder