Lucene search
K

3614 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.8 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-573 wger vulnerable to brute force attempts

Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2...

9.8CVSS7.1AI score0.00661EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.4 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS6.7AI score0.00638EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.43 views

CVE-2026-57924

In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...

4.3CVSS0.00167EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 9:0 a.m.12 views

SUSE-SU-2026:2645-1 Security update for dovecot22

This update for dovecot22 fixes the following issues - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40020: IMAP folders can be shared-spammed to everyone bsc1265149. - CVE-2026-42006: imap-login: uncontrolled memory usage with excessive...

7.5CVSS5.7AI score0.00454EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
CVE
CVE
added 2026/06/25 5:24 a.m.17 views

CVE-2026-12246

NSD 4.14.0 contains a vulnerability where a specially crafted APL RR with adflength exceeding the address family limit can cause a stack overwrite when writing the zone to disk, allowing up to 111 attacker-controlled bytes to influence memory. This is a data/stack corruption issue that affects th...

8.1CVSS5.9AI score0.00265EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in python-urllib3

urllib3 is a HTTP client library for Python. The streaming API of urllib3 is designed for efficiently handling large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in alsa-lib

Versions of alsa-lib from 1.2.2 up to and including 1.2.15.2, prior to the release of 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...

4.6CVSS7.2AI score0.00191EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 12:5 p.m.3 views

RLSA-2026:28000 Important: python-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS5.8AI score0.0068EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/23 10:55 a.m.6 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.9AI score0.0068EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...

7.5CVSS6.3AI score0.00939EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and posed a potential vector for a...

7.5CVSS6.7AI score0.62575EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.9 views

Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

7.5CVSS5.4AI score0.00665EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.13 views

CVE-2026-6853

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:50 p.m.10 views

EUVD-2026-36429

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48885

Name of the Vulnerable Software and Affected Versions Pause+ Mobile App versions 1.0.6 through 1.4.x Description Improper restriction of excessive authentication attempts allows for authentication bypass. Recommendations Update to version 1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.15 views

EulerOS Virtualization 2.13.0 : bind (EulerOS-SA-2026-2395)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:0 p.m.25 views

CVE-2026-3329

CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...

8.7CVSS5.5AI score0.00503EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.8 views

CVE-2026-45664

A flaw was found in ImageMagick. A remote attacker could exploit a missing check in the Multiple-image Network Graphics MNG coder to read more images than allowed by policy. This could lead to excessive resource consumption, resulting in a denial of service DoS. Mitigation Mitigation for this iss...

7.5CVSS5.1AI score0.00441EPSS
Exploits0References4
Rows per page
Query Builder