Lucene search
K

3082 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-59803

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42372

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59803 rpcx - Denial of Service via Gzip Decompression Bomb in Wire Protocol

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
CVE
CVE
added 2 days ago18 views

CVE-2026-59731

Astro 6.4.7 contains an authorization bypass due to improper handling of partially decoded pathnames after the iterative URL decoder limit, with an additional decodeURI() during rewrite route matching that can lead to accessing a protected route. The issue affects 6.4.7 and is fixed in 6.4.8. The...

8.2CVSS6AI score0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-59731 Astro 6.4.7 Authorization Bypass via Decode Iteration Limit and Rewrite Path Canonicalization Mismatch

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...

8.2CVSS0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-14684

A flaw was found in HdrHistogram. A local attacker can exploit a vulnerability in the decodeFromByteBuffer function by manipulating the numberOfSignificantValueDigits argument. This manipulation leads to uncontrolled memory allocation, which can result in a Denial of Service DoS condition, making...

5CVSS5.6AI score0.0012EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 4 days ago4 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.9AI score0.00514EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-14684

A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory...

4.8CVSS0.0012EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago47 views

CVE-2026-14683 HdrHistogram AbstractHistogram.java memory allocation

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results...

4.8CVSS0.00118EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00156EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 1:32 p.m.7 views

EUVD-2026-40975

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

5.8AI score0.00156EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 1:32 p.m.23 views

CVE-2026-53341

The CVE-2026-53341 issue affects the Linux kernel and is resolved by addressing a use-after-free (UAF) in may_decode_fh() where mount::mnt_ns was accessed without locks, risking a concurrent unmount/free of the mnt_namespace during an RCU grace period. The patch adds an rcu_read_lock() around the...

5.8AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-44042

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00388EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.36 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.7 views

CVE-2026-44042 UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.9 views

EUVD-2026-40877

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wiuudecode function checks whether the input length exceeds the output buffer with a strict greater-than comparison , while the...

3.7CVSS6AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder