Lucene search
K

113 matches found

OSV
OSV
added 2026/04/07 8:16 p.m.3 views

UBUNTU-CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:35 p.m.5 views

CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

6.8CVSS6.6AI score0.0098EPSS
Exploits2References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/07 7:35 p.m.3 views

CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

5.3CVSS5.4AI score0.00294EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/26 4:21 p.m.2 views

CVE-2026-3114 Zip Bomb Denial of Service via Unrestricted Archive Decompression

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28423

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.11 Mattermost versions 11.2.x through 11.2.3 Mattermost versions 11.3.x through 11.3.1 Mattermost versions 11.4.x through 11.4.0 Description The software does not properly validate the size of...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References7
OSV
OSV
added 2026/03/17 5:31 p.m.9 views

CLSA-2026-1773768694 Fix CVE(s): CVE-2025-14847

SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers MongoBleed - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847...

8.7CVSS6.1AI score0.83007EPSS
Exploits39References1
OSV
OSV
added 2026/03/17 2:31 p.m.8 views

CLSA-2026-1773757893 Fix CVE(s): CVE-2025-14847

SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers MongoBleed - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847...

8.7CVSS5.9AI score0.83007EPSS
Exploits39References1
UbuntuCve
UbuntuCve
added 2026/03/04 8:16 p.m.4 views

CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5CVSS5.7AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/04 7:36 p.m.4 views

EUVD-2026-9496

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5CVSS5.7AI score0.00418EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.6 views

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.35.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of payload size restrictions on decompressed request...

7.5CVSS5.8AI score0.00418EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/14 9:18 p.m.5 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS6.6AI score0.00431EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/01/14 12:24 a.m.6 views

SUSE CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/13 9:54 p.m.9 views

GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

Summary GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data...

7.5CVSS6.8AI score0.00431EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/01/13 9:15 p.m.11 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS0.00431EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/13 8:43 p.m.26 views

CVE-2026-22870 GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.1CVSS0.00431EPSS
Exploits1References2
OSV
OSV
added 2026/01/13 10:53 a.m.7 views

CLSA-2026-1768301582 ruby: Fix of CVE-2025-24294

CVE-2025-24294: Limit the length of a decompressed domain name to prevent DoS in resolv gem...

7.5CVSS7.1AI score0.00539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.12 views

PT-2026-2804

Name of the Vulnerable Software and Affected Versions GuardDog versions prior to 2.7.1 Description GuardDog, a CLI tool for identifying malicious PyPI packages, contains a flaw in its safe extract function. This function does not validate the size of decompressed files when handling ZIP archives,...

7.5CVSS6.5AI score0.00431EPSS
Exploits1References13
NVD
NVD
added 2026/01/12 7:16 p.m.4 views

CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

8.7CVSS0.00353EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/01/12 7:16 p.m.4 views

CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

8.7CVSS5.7AI score0.00353EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/12 6:18 p.m.6 views

EUVD-2026-2006

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

8.7CVSS6.2AI score0.00353EPSS
Exploits1References2
Rows per page
Query Builder