
3282 matches found

Positive Technologies
added 2026/03/04 12:0 a.m., 6 views

PT-2026-23046

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.35.0 Description cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Before version 0.35.0, the library does not enforce the payload size limit configured via Server::set payload ma...

CVSS 8.7, AI score 5.7, EPSS 0.00602
Exploits: 6, References: 30

CNNVD
added 2026/03/04 12:0 a.m., 7 views

Cisco IOS XE and Cisco Secure Firewall Threat Defense Security Vulnerability

Cisco IOS XE and Cisco Secure Firewall Threat Defense are both products of the American company Cisco. Cisco IOS XE is an operating system. It serves as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN operations. Cisco IOS XE reduces the complexity o...

CVSS 5.8, AI score 5.8, EPSS 0.00414
Exploits: 0, References: 2

CNNVD
added 2026/03/04 12:0 a.m., 7 views

Cisco IOS XE and Cisco Secure Firewall Threat Defense Numeric Error Vulnerability

Cisco IOS XE and Cisco Secure Firewall Threat Defense are both products of the American company Cisco. Cisco IOS XE is an operating system. It serves as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN operations. Cisco IOS XE reduces the complexity o...

CVSS 5.8, AI score 5.8, EPSS 0.00432
Exploits: 0, References: 2

Tenable Nessus
added 2026/03/04 12:0 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: brotli (UTSA-2026-005387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005387 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism...

CVSS 7.5, AI score 7.1, EPSS 0.00509
Exploits: 0, References: 4

Tenable Nessus
added 2026/03/04 12:0 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005388)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005388 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks...

CVSS 8.9, AI score 6, EPSS 0.02667
Exploits: 0, References: 4

IBM Security Bulletins
added 2026/03/03 4:14 a.m., 5 views

Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441)

Summary There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient...

CVSS 8.9, AI score 6, EPSS 0.02667
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/03/02 12:0 a.m., 5 views

Ubuntu 22.04 LTS / 24.04 LTS : Authlib vulnerabilities (USN-8065-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8065-1 advisory. Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with...

CVSS 8.8, AI score 6, EPSS 0.00582
Exploits: 5, References: 6

Tenable Nessus
added 2026/03/02 12:0 a.m., 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3_1 (SUSE-SU-2026:0635-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0635-1 advisory. - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in...

CVSS 8.9, AI score 6, EPSS 0.02667
Exploits: 0, References: 10

OSV
added 2026/02/28 12:44 p.m., 8 views

OESA-2026-1445 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

CVSS 8.9, AI score 6, EPSS 0.02667
Exploits: 0, References: 2

Veracode
added 2026/02/28 5:12 a.m., 9 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to a malformed /FlateDecode stream, where the byte-by-byte decompression is used, and an attacker can craft a PDF which leads to long runtimes...

CVSS 6.9, AI score 5.2, EPSS 0.00168
Exploits: 0, References: 4, Affected Software: 1

IBM Security Bulletins
added 2026/02/27 3:16 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

CVSS 8.9, AI score 7.2, EPSS 0.02667
Exploits: 4, Affected Software: 1

CNNVD
added 2026/02/27 12:0 a.m., 9 views

kaniko Path Traversal Vulnerability

Kaniko is a tool developed by Chainguard Forks for building container images in Kubernetes. Versions of Kaniko prior to 1.25.10 contained a path traversal vulnerability. This vulnerability stemmed from the lack of ensuring that the final path was within the target directory during the decompressi...

CVSS 8.2, AI score 7.7, EPSS 0.00613
Exploits: 0, References: 3

EUVD
added 2026/02/26 3:20 p.m., 7 views

EUVD-2026-8781

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps...

CVSS 8.8, AI score 5.3, EPSS 0.0041
Exploits: 1, References: 4

GitHub Security Blog
added 2026/02/26 3:20 p.m., 9 views

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary A security review of the psdtools.compression module conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5 identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

CVSS 9.1, AI score 5.7, EPSS 0.0041
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2026/02/26 3:20 p.m., 6 views

GHSA-24P2-J2JR-386W psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary A security review of the psdtools.compression module conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5 identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

CVSS 8.8, AI score 5.8, EPSS 0.0041
Exploits: 1, References: 5

RedhatCVE
added 2026/02/26 1:48 p.m., 3 views

CVE-2026-26965

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

CVSS 8.8, AI score 6.4, EPSS 0.00591
Exploits: 1, References: 5

OSV
added 2026/02/26 1:20 p.m., 6 views

CLSA-2026-1772112014 openssl: Fix of CVE-2025-66199

CVE-2025-66199: validate uncompressed certificate length to prevent large pre-decompression allocation...

CVSS 5.9, AI score 5.8, EPSS 0.00403
Exploits: 1, References: 1

OSV
added 2026/02/26 9:45 a.m., 7 views

OPENSUSE-SU-2026:20271-1 Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...

CVSS 8.9, AI score 7.1, EPSS 0.02667
Exploits: 0, References: 6

OSV
added 2026/02/26 9:44 a.m., 5 views

SUSE-SU-2026:20591-1 Security update for python-urllib3_1

This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...

CVSS 8.9, AI score 6.7, EPSS 0.02667
Exploits: 0, References: 7

Snyk
added 2026/02/26 3:13 a.m., 5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the compression module. An attacker can cause application crashes...

CVSS 9.1, AI score 5.9, EPSS 0.0041
Exploits: 1, References: 2