Lucene search
K

205 matches found

Vulnrichment
Vulnrichment
added 2026/05/11 6:6 p.m.9 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:20 p.m.16 views

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

6.2CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.16 views

SUSE CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/10 9:30 p.m.14 views

EUVD-2026-28998

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

5.8AI score0.00311EPSS
Exploits0References4
OSV
OSV
added 2026/05/10 9:16 p.m.10 views

DEBIAN-CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 9:16 p.m.21 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS0.00311EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/10 8:15 p.m.13 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

5.8AI score0.00311EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/10 8:15 p.m.9 views

CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

5.8AI score0.00311EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/10 8:15 p.m.9 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS5.8AI score0.00311EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.13 views

PT-2026-39538

Name of the Vulnerable Software and Affected Versions Net::CIDR::Lite versions prior to 0.24 Description Net::CIDR::Lite for Perl fails to properly validate IP address and CIDR mask inputs. Inputs containing non-ASCII digit characters or a trailing newline pass validation but are re-encoded by th...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References26
CVE
CVE
added 2026/04/09 7:27 p.m.17 views

CVE-2026-40077

Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...

3.5CVSS5.9AI score0.00219EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 1:35 p.m.6 views

CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS7.2AI score0.00727EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.8AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 12:16 a.m.8 views

UBUNTU-CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References9
OSV
OSV
added 2026/03/23 8:52 p.m.1 views

GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS6.5AI score0.00498EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-27256

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The NumberToDelimitedConverter component utilizes a regular expression with gsub! to insert thousands...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References21
RubySec
RubySec
added 2026/03/23 12:0 a.m.12 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/22 3:16 a.m.2 views

DEBIAN-CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.3AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/03/22 3:16 a.m.5 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS0.00135EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/22 3:16 a.m.8 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.9AI score0.00135EPSS
Exploits0References3
Rows per page
Query Builder