Lucene search
K

3283 matches found

OSV
OSV
added 2026/03/12 9:16 p.m.2 views

DEBIAN-CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS7.5AI score0.0115EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS0.0115EPSS
Exploits0References21
Cvelist
Cvelist
added 2026/03/12 8:8 p.m.37 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS0.0115EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/12 8:8 p.m.4 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 8:8 p.m.6 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 8:8 p.m.68 views

CVE-2026-1526

undici WebSocket PerMessageDeflate.decompress() can accumulate decompressed data without a size limit, enabling a decompression bomb that may exhaust Node.js memory and crash or render the process unresponsive. The description specifies a denial-of-service via memory exhaustion. No remediation or...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References21Affected Software1
Debian CVE
Debian CVE
added 2026/03/12 8:8 p.m.8 views

CVE-2026-1526

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS7.5AI score0.0115EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-25045

Name of the Vulnerable Software and Affected Versions LibreDWG versions 0.13.3.7571 through 0.13.3.7835 Description A heap buffer overflow exists in LibreDWG. A specially crafted DWG file can lead to a Denial of Service DoS condition. The issue is located in the decompress R2004 section function...

6.5CVSS5.9AI score0.00218EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

undici 安全漏洞

Undici is an open-source HTTP/1.1 client developed by Node.js. Undici has a security vulnerability that stems from unlimited memory consumption during the decompression of permessage-deflate. This vulnerability could allow malicious WebSocket servers to send small compressed frames, causing the...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25065

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 Description The undici WebSocket client is susceptible to a denial-of-service condition due to unrestricted memory usage during permessage-deflate decompression. When a WebSocket connection utilizes the...

7.5CVSS7.1AI score0.0115EPSS
Exploits0References213
RedHat Linux
RedHat Linux
added 2026/03/11 9:2 a.m.8 views

Important: Red Hat Security Advisory: RHTAS 1.3.2 - Tech Preview Release of Model Transparency

The Tech Preview release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

8.9CVSS6.6AI score0.02667EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.9 views

openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20337-1 advisory. - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can...

9.8CVSS6.1AI score0.00671EPSS
Exploits3References114
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

EulerOS 2.0 SP13 : python-urllib3 (EulerOS-SA-2026-1259)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

8.9CVSS6.1AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : python-urllib3 (EulerOS-SA-2026-1295)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

8.9CVSS6.1AI score0.02667EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 1:20 p.m.6 views

CVE-2026-2219

A flaw was found in dpkg-deb, a component of the Debian package management system. This vulnerability allows a local user to trigger a Denial of Service DoS by providing a specially crafted zstd-compressed .deb archive. The flaw occurs because dpkg-deb does not properly validate the end of the da...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.3 views

MiracleLinux 8 : fence-agents-4.2.1-129.el8_10.24 (AXBA:2026-269:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-269:05 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression...

8.9CVSS6.1AI score0.02667EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.5 views

CVE-2026-20054

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this...

5.8CVSS6AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.6 views

CVE-2026-20058

Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit...

5.8CVSS6AI score0.0039EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/05 7:7 p.m.4 views

keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service DoS by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

5.3CVSS5.8AI score0.00502EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/05 11:15 a.m.9 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.5 security update

Important: Red Hat OpenShift GitOps v1.17.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8438 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...

8.9CVSS6.9AI score0.02667EPSS
Exploits1References8
Rows per page
Query Builder