Lucene search
K

17764 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-50651

.NET Denial of Service Vulnerability - HTTP/2 SETTINGS/PING ACK flood causing OOM...

7.5CVSS6.1AI score
Exploits0References3
The Hacker News
The Hacker News
added yesterday13 views

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

libcurl 8.16.0 < 8.21.0 WebSocket Auto-PONG Memory Exhaustion (CVE-2026-11586)

The version of libcurl installed on the remote host is 8.16.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a...

7.5CVSS6.1AI score0.0086EPSS
Exploits1References2
EUVD
EUVD
added 6 days ago12 views

EUVD-2026-33939

mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago15 views

EUVD-2026-33940

mint: Unbounded CONTINUATION/HEADERS frame accumulation CONTINUATION flood...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56659

Name of the Vulnerable Software and Affected Versions Drupal Login Disable versions 0.0.0 through 2.1.4 Description The Login Disable module, which restricts site access by requiring a secret key on the login form, does not sufficiently protect the form from brute force attacks. An attacker could...

6AI score0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/07/03 6:13 a.m.62 views

CVE-2026-11586

CVE-2026-11586 : curl is vulnerable to memory exhaustion via WebSocket PING handling. The description across sources states that curl automatically responds to WebSocket PING frames and lacks an upper bound on memory allocation for unacknowledged frames, enabling a malicious server to flood curl ...

7.5CVSS6AI score0.0086EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/03 6:13 a.m.7 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

6AI score0.0086EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:13 a.m.4 views

CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6.1AI score0.0086EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:2 p.m.7 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.2 views

DEBIAN-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:8 a.m.3 views

OPENSUSE-SU-2026:21175-1 Security update for python-zeroconf

This update for python-zeroconf fixes the following issues: Changes in python-zeroconf: - CVE-2026-47180: zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service bsc1268341 - CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains pack...

5.8AI score0.00023EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/29 5:17 p.m.8 views

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/06/26 3:3 a.m.12 views

K000161919: BIND vulnerability CVE-2026-5947

Security Advisory Description Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as...

7.5CVSS5.8AI score0.01387EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 12:22 p.m.5 views

EUVD-2026-39346

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 12:22 p.m.5 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate numifs to prevent out-of-bounds write The driver obtains swattr.numifs from the firmware via dpswgetattributes, but never validates it against DPSWMAXIF 64. This value controls the iteration in...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:0 a.m.15 views

CURL-CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS5.8AI score0.0086EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder