CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

260 matches found

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.5CVSS5.8AI score0.00104EPSS

Exploits0References1

NVD•added 4 days ago•4 views

CVE-2026-39894

2.9CVSS0.00104EPSS

Exploits0References3

CVE•added 4 days ago•15 views

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

2.9CVSS5.8AI score0.00104EPSS

Exploits0References3Affected Software1

Cvelist•added 4 days ago•20 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

2.9CVSS0.00104EPSS

Exploits0References3

Debian CVE•added 4 days ago•4 views

CVE-2026-39894

2.9CVSS5.8AI score0.00104EPSS

Exploits0

Positive Technologies•added 4 days ago•7 views

PT-2026-52129

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Locale-dependent decimal formatting in the rrdtool function update function can lead to the corruption of RRDtool metric values. The function validates metric values using is numeric and incorporates...

2.9CVSS5.8AI score0.00104EPSS

Exploits0References5

OSV•added 6 days ago•4 views

DEBIAN-CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

6.1CVSS5.9AI score0.00161EPSS

Exploits0References1

NVD•added 6 days ago•7 views

CVE-2026-50171

8.2CVSS0.00161EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•5 views

CVE-2026-50171

8.2CVSS5.9AI score0.00161EPSS

Exploits0References2Affected Software1

Cvelist•added 6 days ago•31 views

CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

8.2CVSS0.00161EPSS

Exploits0References1

CVE•added 6 days ago•27 views

CVE-2026-50171

The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...

8.2CVSS5.9AI score0.00161EPSS

Exploits0References1Affected Software1

Debian CVE•added 6 days ago•5 views

CVE-2026-50171

8.2CVSS5.8AI score0.00161EPSS

Exploits0

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in NTP

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...

5.6CVSS7.1AI score0.00645EPSS

Exploits0References2

RedhatCVE•added 2026/05/27 2:12 a.m.•13 views

CVE-2026-32686

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent e.g. Decimal.new"1e1000000000" is accepted without error. Subsequent cal...

6.9CVSS5.8AI score0.00321EPSS

Exploits0References1

OSV•added 2026/05/22 1:21 p.m.•8 views

OESA-2026-2424 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS

Exploits7References8

Snyk•added 2026/05/19 9:0 p.m.•6 views

Malicious Package

Overview github.com/shopsprint/decimal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score

Exploits0References2

OSV•added 2026/05/18 4:56 p.m.•6 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00227EPSS

Exploits7References1

EUVD•added 2026/05/12 3:9 p.m.•10 views

EUVD-2026-28376

Decimal: Unbounded exponent in Decimal.new enables unauthenticated DoS...

6.9CVSS5.8AI score0.00321EPSS

Exploits0References6

OSV•added 2026/05/12 3:9 p.m.•10 views

GHSA-RHV4-8758-JX7V Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS

Summary decimal doesn't bound the exponent on parsed input, so something like "1e10000000" is parsed fine but then explodes the memory to more than 7GB if you run e.g. Decimal.addDecimal.parse"1e10000000", 1 because for positive exp, the function tail-recurses with coef 10 and exp - 1 per...

6.9CVSS5.8AI score0.00321EPSS

Exploits0References7

Github Security Blog•added 2026/05/12 3:9 p.m.•12 views

Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS

6.9CVSS5.8AI score0.00321EPSS

Exploits0References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by