105 matches found

NVD
added 2026/04/17 10:16 p.m., 2 views

CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...

7.5 CVSS, 0.00031 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2026/03/26 2:51 p.m., 7 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

10 CVSS, 7.3 AI score, 0.00072 EPSS
Exploits: 2, References: 14
RedHat Linux
added 2026/03/26 2:31 p.m., 8 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9

Red Hat OpenShift Service Mesh 3.0.9. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....

10 CVSS, 7.3 AI score, 0.00072 EPSS
Exploits: 2, References: 14
OSV
added 2026/03/19 7:16 p.m., 2 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.9 AI score
Exploits: 0, References: 2
OSV
added 2026/03/06 6:16 p.m., 2 views

CVE-2025-69646

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...

5.5 CVSS, 5.8 AI score
Exploits: 0, References: 2
OSV
added 2025/11/06 12:58 p.m., 1 views

BIT-GOLANG-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3 CVSS, 6.9 AI score, 0.00023 EPSS
Exploits: 0, References: 6
CVE
added 2025/10/29 10:10 p.m., 12 views

CVE-2025-61724

CVE-2025-61724 is addressed in IBM security bulletins for IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The vulnerability stems from the Reader.ReadResponse function, which builds a response by repeatedly concatenating strings; when responses contain many ...

5.3 CVSS, 6.5 AI score, 0.00023 EPSS
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-18886

Malware in sbrugna...

7.8 CVSS, 7.9 AI score, 0.06587 EPSS
Exploits: 0, References: 51
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2018-8640

Malicious code in bioql PyPI...

7.8 CVSS, 6.8 AI score, 0.10883 EPSS
Exploits: 0, References: 15
Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 3: nghttp2 (TSSA-2024:0318)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0318 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

5.3 CVSS, 7.1 AI score, 0.24971 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2025/06/09 12:0 a.m., 5 views

NewStart CGSL MAIN 7.02 : nghttp2 Vulnerability (NS-SA-2025-0078)

The remote NewStart CGSL host, running version MAIN 7.02, has nghttp2 packages installed that are affected by a vulnerability: - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2...

5.3 CVSS, 7.1 AI score, 0.24971 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2025/05/14 12:0 a.m., 6 views

Alibaba Cloud Linux 3 : 0212: nghttp2 (ALINUX3-SA-2024:0212)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0212 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-28182: nghttp2 is an implementation of the...

5.3 CVSS, 7.1 AI score, 0.24971 EPSS
Exploits: 1, References: 2
Amazon
added 2025/05/13 12:0 a.m., 4 views

Medium: javapackages-bootstrap

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

4.3 CVSS, 6.9 AI score, 0.00131 EPSS
Exploits: 0
Tenable Nessus
added 2025/03/05 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-28182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number o...

5.3 CVSS, 6.9 AI score, 0.24971 EPSS
Exploits: 1, References: 2
IBM Security Bulletins
added 2025/01/28 10:8 p.m., 20 views

Security Bulletin: Vulnerability in nghttp2 (CVE-2024-28182) affects Power HMC.

Summary: The nghttp2 library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...

5.3 CVSS, 6.7 AI score, 0.24971 EPSS
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/11/21 10:2 p.m., 23 views

Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage

Summary: Domain Name Service (DNS) messaging is used to resolve hostnames to IP addresses. Vulnerability Details: CVEID: CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...

7.5 CVSS, 7.2 AI score, 0.00282 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/11/21 9:46 p.m., 44 views

Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service

Summary: DNS protocol allows the IBM Technical Support Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details: CVEID: CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...

7.5 CVSS, 7.1 AI score, 0.43701 EPSS
Exploits: 1, Affected Software: 1
OpenVAS
added 2024/10/28 12:0 a.m., 7 views

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-2639)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 5.8 AI score, 0.24971 EPSS
Exploits: 1, References: 2
OpenVAS
added 2024/10/28 12:0 a.m., 11 views

Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-2673)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 5.8 AI score, 0.24971 EPSS
Exploits: 1, References: 2
Ubuntu
added 2024/10/22 1:9 p.m., 236 views

USN-7080-1: Unbound vulnerability

Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses...

5.3 CVSS, 6.7 AI score, 0.00163 EPSS
Exploits: 0