3790 matches found
EUVD-2026-41101
Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
SUSE-SU-2026:2693-1 Security update for podman
This update for podman fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829,CVE-2026-39830,CVE-2026-42508,CVE-2026-46598:...
CVE-2026-13149
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
CVE-2026-13149
The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...
EUVD-2026-40267
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2026-45822
CVE-2026-45822 – decode-uri-component : The connected records specify that the npm package decode-uri-component (versions up to 0.4.1) is vulnerable. The vulnerability lies in the decode() function, which splits input on '%' and then calls decodeComponents(), producing super-linear parsing time. ...
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2026-13752
Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...
CVE-2026-38639
An issue in the parsemonth function /time/strptime.rs of relibc commit ab6a2e allows attackers to cause a Denial of Service DoS via parsing a crafted input...
CVE-2026-56132
A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly...
CVE-2026-57918
CVE-2026-57918 affects libnfs up to version 6.0.2 prior to the patch referenced by commit IDs f0b109d (NVD entry) / 935b8db (CVE record). The vulnerability is an xid integer underflow in READ_IOVEC within rpc_read_from_socket when a crafted NFS server causes the expected PDU size to exceed the ab...
CVE-2026-38639
An issue in the parsemonth function /time/strptime.rs of relibc commit ab6a2e allows attackers to cause a Denial of Service DoS via parsing a crafted input...
CVE-2026-38639
CVE-2026-38639 affects relibc. The issue is in the parse_month function (path /time/strptime.rs) within commit ab6a2e and allows an attacker to trigger a Denial of Service by parsing a crafted input. The available sources confirm the vulnerability location and impact but do not provide exploitati...
PT-2026-52968
Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...
CVE-2026-49851
A flaw was found in Mistune, a Python Markdown parser. A remote attacker can exploit this vulnerability by providing a specially crafted Markdown input containing many consecutive bracket characters. This can lead to excessive CPU usage, causing a denial-of-service DoS condition on the affected...
CVE-2026-12244
NSD (the DNS server) is affected when configured as a secondary for a zone. A primary can crash NSD by sending an AXFR containing a DNS message with a specially crafted SVCB RR whose rdata size is 65512, which causes an (uint16_t) length to overflow while allocating space for the RR wrap (total s...
EUVD-2026-39180
shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...
EUVD-2025-210335
A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...
PT-2026-52579
Name of the Vulnerable Software and Affected Versions relibc version 61f42d Description A flaw in the pthread rwlockattr setpshared function allows attackers to trigger a Denial of Service DoS by providing crafted input. Recommendations As a temporary workaround, consider restricting the use of t...