
3464 matches found

NVD
added 2026/05/19 2:16 p.m., 16 views

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

CVSS 7.5 | EPSS 0.00682
Exploits: 1 | References: 4
NCSC
added 2026/05/13 6:33 a.m., 33 views

Vulnerabilities present in Siemens products

Siemens has identified vulnerabilities in various OT-products. These include products from the Siemens RUGGEDCOM, SCALANCE, SIMATIC, SIMIT, SINAMICS, SIPROTEC, SENTRON, and Solid Edge product families. The vulnerabilities enable malicious actors to carry out attacks that can cause the following...

CVSS 9.8 | AI score 7.2 | EPSS 0.72648
Exploits: 40 | References: 17
EUVD
added 2026/05/11 6:31 p.m., 12 views

EUVD-2026-29095

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3
IBM Security Bulletins
added 2026/05/07 1:20 p.m., 7 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 1.0.317. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary: The arrayLimit option ...

CVSS 9.8 | AI score 7.5 | EPSS 0.02874
Exploits: 3 | Affected Software: 1
Github Security Blog
added 2026/05/07 2:59 a.m., 17 views

hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

CVSS 5.3 | AI score 6.8 | EPSS 0.00806
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/05/06 11:09 p.m., 5 views

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

CVSS 7.1 | AI score 5.8 | EPSS 0.00299
Exploits: 3 | References: 8
OSV
added 2026/05/05 12:28 a.m., 11 views

CLSA-2026-1777940906 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

CVSS 7.5 | AI score 6.9 | EPSS 0.00611
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/01 12:00 a.m., 5 views

Fedora 43 : xen (2026-78cd69d9ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78cd69d9ae advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 5
Amazon
added 2026/04/30 12:00 a.m., 6 views

Low: librsvg2

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 6.8 | AI score 5.2 | EPSS 0.00291
Exploits: 0
Tenable Nessus
added 2026/04/23 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0...

CVSS 4.9 | AI score 6.8 | EPSS 0.00323
Exploits: 0 | References: 2
NVD
added 2026/04/21 9:16 p.m., 6 views

CVE-2026-35239

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | EPSS 0.00242
Exploits: 0 | References: 1
OSV
added 2026/04/17 1:02 p.m., 9 views

OESA-2026-1966 corosync security update

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script. Security Fixes: A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membersh...

CVSS 8.2 | AI score 5.8 | EPSS 0.00994
Exploits: 2 | References: 3
OSV
added 2026/04/16 9:09 p.m., 5 views

GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary: endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

CVSS 7.5 | AI score 5.7 | EPSS 0.00453
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/16 12:00 a.m., 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

CVSS 7.5 | AI score 7.1 | EPSS 0.00775
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/15 12:00 a.m., 7 views

PT-2026-33130

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potential...

CVSS 6.1 | AI score 6 | EPSS 0.00331
Exploits: 0 | References: 4
Snyk
added 2026/04/13 10:11 p.m., 5 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q16-arm64 is a Magick.NET build that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 6.9 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 2
RedHat Linux
added 2026/04/13 2:21 a.m., 6 views

Important: Red Hat Security Advisory: rhc security update

An update for rhc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

CVSS 7.5 | AI score 6.8 | EPSS 0.01945
Exploits: 2 | References: 3
IBM Security Bulletins
added 2026/04/10 2:43 p.m., 2 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul, Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4, js-yaml might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul, Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include bypassing the...

CVSS 8.1 | AI score 7.3 | EPSS 0.7848
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2026/04/10 1:11 p.m., 5 views

Security Bulletin: DevOps Test Performance and Rational Performance Tester contain a vulnerability related to use of the qs library

Summary: Due to use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability, CVE-2025-15284. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP...

CVSS 6.3 | AI score 6.5 | EPSS 0.0041
Exploits: 1 | Affected Software: 1
CVE
added 2026/04/09 9:25 p.m., 13 views

CVE-2025-59969

CVE-2025-59969 affects Junos OS Evolved on PTX Series and QFX5000 Series. The vulnerability is a buffer copy without size checking in the advanced forwarding toolkit components evo-aftmand and evo-pfemand, leading to a Denial of Service when an adjacent attacker sends crafted multicast...

CVSS 7.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 1 | Affected Software: 1