Lucene search
K

26448 matches found

NVD
NVD
added 6 hours ago6 views

CVE-2026-61868

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS
Exploits0References2
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-44617

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-61867 ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service...

2.9CVSS
Exploits0References2
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-44615

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

2.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 7 hours ago3 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 8 hours ago3 views

CVE-2026-47736

A flaw was found in Puma, a Ruby/Rack web server. When PROXY protocol v1 support is enabled, a remote attacker can continuously send data without proper termination. This causes the server to consume an increasing amount of memory and CPU resources, leading to a Denial of Service DoS where the...

7.5CVSS6.1AI score0.0007EPSS
Exploits0References8
NVD
NVD
added yesterday4 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-50651

.NET Denial of Service Vulnerability - HTTP/2 SETTINGS/PING ACK flood causing OOM...

7.5CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-49476

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS
Exploits0References3
CVE
CVE
added yesterday17 views

CVE-2026-46627

CVE-2026-46627 concerns Twig, a PHP template engine. Before 3.26.0, Twig’s sandbox does not prevent a template from consuming CPU, memory, or wall-clock time even with an allow-list, allowing resource exhaustion via unbounded for/range usage. The issue is mitigated in version 3.26.0, which docume...

7.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday26 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS
Exploits0References3
CVE
CVE
added yesterday22 views

CVE-2026-49855

Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References3
NVD
NVD
added yesterday2 views

CVE-2026-47476

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15713

A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated...

5.9CVSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-24271

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-24271

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday23 views

CVE-2026-47736 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for CRLF to determine whether a PROXY v1 line is present, allowing an attacker that continuously sends...

7.5CVSS0.0007EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday23 views

CVE-2026-47479

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday24 views

CVE-2026-15713 Libsoup: soupcache: libsoup: http/2 frame window exhaustion remote denial of service via memory leak

A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated...

5.9CVSS
Exploits0References3
Rows per page
Query Builder