Lucene search
+L

283 matches found

Cvelist
Cvelist
added 2026/07/06 6:49 p.m.32 views

CVE-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/01 9:48 a.m.7 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.7AI score0.00141EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 6:14 p.m.41 views

CVE-2026-56789 RTKLIB 2.4.3 - Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Count

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS0.00239EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.25 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.1AI score0.01945EPSS
Exploits4References7
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.12 views

CVE-2026-36499

A flaw was found in Open vSwitch. A missing upper-bound check in udpifsetthreads allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads, causing resource exhaustion and denial of service. Reported against Open vSwitch v3.6.90; affects...

6.5CVSS5.7AI score0.00328EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.36 views

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...

5.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47077

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS5.9AI score0.0018EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 3:16 p.m.21 views

CVE-2026-10533

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

5CVSS0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 2:6 p.m.15 views

EUVD-2026-31115

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.21 views

PT-2026-42181

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of attempting to reallocate excess pages during page reallocation in afalgpulltsg...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

rust-openssl 缓冲区错误漏洞

rust-openssl is an open-source library in the rust ecosystem that allows for interaction with the OpenSSL library. In versions 0.9.0 to 0.10.78 of rust-openssl, there was a buffer error vulnerability. This vulnerability stemmed from the frompemcallback API not verifying the length returned by use...

9.1CVSS6AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:31 p.m.10 views

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 8:37 p.m.7 views

CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.11 views

SUSE CVE-2026-32280

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References40
Snyk
Snyk
added 2026/04/08 7:52 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of messages from D-Bus peers. An attacker can exhaust system resources, cause application crashes, or spoof signals by sending messages with excessive Unix file...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/08 12:14 p.m.4 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

8.3CVSS6.1AI score0.00955EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.15 views

PT-2026-31444

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

5CVSS5.9AI score0.00183EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 3:30 p.m.10 views

EUVD-2026-19646

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

6.5CVSS5.9AI score0.00879EPSS
Exploits1References4
OSV
OSV
added 2026/04/07 3:30 p.m.6 views

GHSA-5MF9-H53Q-7MHQ Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

6.5CVSS5.8AI score0.00879EPSS
Exploits1References6
Rows per page
Query Builder