Lucene search
K

264 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Decimal 资源管理错误漏洞

Decimal is a arbitrary-precision decimal arithmetic library developed by Eric Meadows-Jönsson. In versions 0.1.0 to 3.0.0 of Decimal, there was a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the parsed exponents, which could lead to unauthorized...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 4:39 p.m.5 views

GHSA-RRJR-V56M-WW88 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applicatio...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/24 4:39 p.m.14 views

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applicatio...

5.3CVSS5.3AI score0.00273EPSS
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2026/04/06 12:0 a.m.142 views

is-localhost-ip 2.0.0 - SSRF

Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...

6.9CVSS5.9AI score0.00357EPSS
Exploits2
NVD
NVD
added 2026/03/24 12:16 a.m.7 views

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS0.0061EPSS
Exploits0References7
CVE
CVE
added 2026/03/23 11:29 p.m.20 views

CVE-2026-33176

CVE-2026-33176 — Active Support (Rails) number helpers incorrectly accept strings containing scientific notation (e.g., 1e10000). When expanded by BigDecimal, this can trigger extremely large decimal representations, leading to excessive memory and CPU usage and a potential DoS. The patch is incl...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:29 p.m.4 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References7
OSV
OSV
added 2026/02/02 1:54 p.m.16 views

CLSA-2026-1770040438 kernel: Fix of 14 CVEs

efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...

7.8CVSS6AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/21 8:0 p.m.2 views

CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.8AI score0.00149EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/21 8:0 p.m.18 views

CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS0.00149EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/21 8:0 p.m.3 views

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.6AI score0.00149EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/01/21 8:0 p.m.6 views

EUVD-2025-206313

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.8AI score0.00149EPSS
Exploits0References5
OSV
OSV
added 2025/12/10 1:58 a.m.3 views

MAL-2025-192414 Malicious code in mongo-decimal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31ef468b36fa90f39d081db22602ad19c8c84bfa3416e3b471eebaaad2919bf The package mongo-decimal was found to contain malicious code. Source: ghsa-malware e32897d62825ec82598cd1de92099161013a0fc84c60add6ec1c9496320ab58d...

6.8AI score
Exploits0References1
Snyk
Snyk
added 2025/12/10 1:58 a.m.4 views

Malicious Package

Overview mongo-decimal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/12/10 1:58 a.m.2 views

EUVD-2025-202363

Malicious code in mongo-decimal npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/10 1:58 a.m.7 views

Malicious code in mongo-decimal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31ef468b36fa90f39d081db22602ad19c8c84bfa3416e3b471eebaaad2919bf The package mongo-decimal was found to contain malicious code. Source: ghsa-malware e32897d62825ec82598cd1de92099161013a0fc84c60add6ec1c9496320ab58d...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2018-18928)

International Components for Unicode ICU for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString in i18n/numberdecimalquantity.cpp. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8CVSS7.2AI score0.02918EPSS
Exploits0References4
OSV
OSV
added 2025/10/16 4:15 p.m.5 views

DEBIAN-CVE-2025-62496

A vulnerability exists in the QuickJS engine's BigInt string parsing logic jsbigintfromstring when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits nbits required to store the BigInt using the formula:...

8.8CVSS5.6AI score0.00437EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18354

Malware in sbrugna...

7.8CVSS7.8AI score0.02511EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-27387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimalbinsize, which is exploited via specially crafted SQL...

7.5CVSS8.2AI score0.02458EPSS
Exploits1References2
Rows per page
Query Builder