Lucene search
K

3471 matches found

ICS
ICS
added 2026/05/26 12:0 a.m.24 views

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

5.5AI score
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk.Authenticated users can trigger a denial-of-service attack by using specially crafted, overly long pattern matching on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matchi...

6.5CVSS6.3AI score0.01009EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing in the ffhevcputweightedpredavg8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

5.5CVSS6.3AI score0.00292EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/19 7:10 p.m.58 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS0.0032EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 5:36 p.m.6 views

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

7.5CVSS5.9AI score0.00367EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/05/19 2:16 p.m.16 views

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

7.5CVSS0.00682EPSS
Exploits1References4
NCSC
NCSC
added 2026/05/13 6:33 a.m.33 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various OT-products. These include products from the Siemens RUGGEDCOM, SCALANCE, SIMATIC, SIMIT, SINAMICS, SIPROTEC, SENTRON, and Solid Edge product families. The vulnerabilities enable malicious actors to carry out attacks that can cause the following...

9.8CVSS7.2AI score0.72648EPSS
Exploits40References17
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29095

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

5.8AI score0.00278EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:20 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.317 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option ...

9.8CVSS7.5AI score0.02874EPSS
Exploits3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 2:59 a.m.18 views

hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3CVSS6.8AI score0.00801EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 11:9 p.m.5 views

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

7.1CVSS5.8AI score0.00299EPSS
Exploits3References8
OSV
OSV
added 2026/05/05 12:28 a.m.11 views

CLSA-2026-1777940906 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.5 views

Fedora 43 : xen (2026-78cd69d9ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78cd69d9ae advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Amazon
Amazon
added 2026/04/30 12:0 a.m.6 views

Low: librsvg2

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.2AI score0.00291EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0...

4.9CVSS6.8AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS0.00242EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 1:2 p.m.9 views

OESA-2026-1966 corosync security update

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script. Security Fixes: A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membersh...

8.2CVSS5.8AI score0.00994EPSS
Exploits2References3
OSV
OSV
added 2026/04/16 9:9 p.m.6 views

GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

7.5CVSS5.7AI score0.00453EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33130

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service DoS, leading to the plugin crashing and potential...

6.1CVSS6AI score0.00331EPSS
Exploits0References4
Rows per page
Query Builder