3177 matches found

UbuntuCve
added 2026/03/13 7:54 p.m., 2 views

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

CVSS 6.9, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 6

RedhatCVE
added 2026/03/13 7:48 p.m., 4 views

CVE-2026-31897

An out-of-bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the freerdp_bitmap_decompress_planar function when SrcSize is 0. This flaw may allow an attacker to read 1 byte from heap memory in some situations. The more common and expected impact is a crash when the...

CVSS 9.1, AI score 5.6, EPSS 0.00058
Exploits: 1, References: 5

EUVD
added 2026/03/13 5:42 p.m., 3 views

EUVD-2026-12064

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is...

AI score 5.8, EPSS 0.00058
Exploits: 1, References: 2

CVE
added 2026/03/13 5:42 p.m., 25 views

CVE-2026-31897

CVE-2026-31897 affects FreeRDP prior to 3.24.0, where an out-of-bounds read occurs in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences srcp (pointing to pSrcData) without verifying SrcSize >= 1, causing a read one byte past the end of the source buffer if pSrcData ...

CVSS 9.1, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 2, Affected Software: 1

Snyk
added 2026/03/13 2:43 p.m., 4 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop through the archive_read_data process. An attacker can exhaust system resources by submitting a specially crafted RAR5 archive that triggers an infinite loop during decompression. Remediation: Upgrade libarchive to version...

CVSS 8.7, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/13 11:45 a.m., 7 views

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVSS 7.5, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 29

Cvelist
added 2026/03/13 11:45 a.m., 34 views

CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVSS 7.5, EPSS 0.00037
Exploits: 0, References: 29

CVE
added 2026/03/13 11:45 a.m., 46 views

CVE-2026-4111

The issue CVE-2026-4111 affects the libarchive library, specifically the RAR5 decompression logic. The vulnerability resides in archive_read_data() where processing a specially crafted RAR5 archive can enter an infinite loop, preventing forward progress and causing continuous CPU usage. The affec...

CVSS 7.5, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 29

Debian CVE
added 2026/03/13 11:45 a.m., 1 view

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVSS 7.5, AI score 5.3, EPSS 0.00037
Exploits: 0

RedhatCVE
added 2026/03/13 11:40 a.m., 1 view

CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVSS 7.5, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 4

CNNVD
added 2026/03/13 12:0 a.m., 2 views

Red Hat Enterprise Linux 10 Security Vulnerability

Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. Red Hat Enterprise Linux 10 contains security vulnerabilities, specifically related to the RAR5 archive decompression logic. These vulnerabilities may lead to infinite loops and...

CVSS 7.5, AI score 7.1, EPSS 0.00037
Exploits: 0, References: 5

RedhatCVE
added 2026/03/12 10:23 p.m., 2 views

CVE-2026-1526

A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to...

CVSS 7.5, AI score 5.7, EPSS 0.00021
Exploits: 0, References: 7

NVD
added 2026/03/12 9:16 p.m., 2 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, EPSS 0.00021
Exploits: 0, References: 4

OSV
added 2026/03/12 9:16 p.m., 1 view

DEBIAN-CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, AI score 7.5, EPSS 0.00021
Exploits: 0, References: 1

OSV
added 2026/03/12 9:16 p.m., 1 view

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/12 8:8 p.m., 5 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 5

Debian CVE
added 2026/03/12 8:8 p.m., 4 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, AI score 7.5, EPSS 0.00021
Exploits: 0

Cvelist
added 2026/03/12 8:8 p.m., 31 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, EPSS 0.00021
Exploits: 0, References: 4

Vulnrichment
added 2026/03/12 8:8 p.m., 3 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

CVSS 7.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 4

CVE
added 2026/03/12 8:8 p.m., 38 views

CVE-2026-1526

undici WebSocket PerMessageDeflate.decompress() can accumulate decompressed data without a size limit, enabling a decompression bomb that may exhaust Node.js memory and crash or render the process unresponsive. The description specifies a denial-of-service via memory exhaustion. No remediation or...

CVSS 7.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 4, Affected Software: 1