Lucene search
K

1655 matches found

Cvelist
Cvelist
added yesterday16 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS0.00056EPSS
Exploits0References3
CVE
CVE
added yesterday45 views

CVE-2026-47736

Summary: CVE-2026-47736 affects the Puma Ruby/Rack web server when PROXY protocol v1 is enabled. In affected releases (5.5.0 up to 7.2.1 and 8.0.2), Puma reads incoming bytes into an internal buffer while waiting for CRLF to detect a PROXY v1 line, allowing an attacker to send data without CRLF a...

7.5CVSS6.2AI score0.0007EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday16 views

CVE-2026-15709 Soupwebsocketextensiondeflate: libsoup: libsoup: websocket permessage-deflate unbounded decompression remote denial of service

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS
Exploits0References3
OSV
OSV
added yesterday4 views

CVE-2026-59204 Pillow JPEG2000 tiled decode retains a growing scratch buffer and can be used for denial of service

Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates totalcomponentwidth across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled JPEG2000 file to force substantially higher transient memory usage and...

8.7CVSS6.1AI score
Exploits1References6
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

7.5CVSS6.1AI score0.00397EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
OSV
OSV
added 5 days ago1 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57212

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description An unauthenticated attacker can trigger a denial of service by repeatedly calling the OAuth login route with unique values. This action leads to unbounded memory growth, which can exhaust the...

7.5CVSS6AI score0.00397EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments

A flaw was found in netty-transport-sctp. A remote attacker can exploit this vulnerability by sending specially crafted, non-complete Stream Control Transmission Protocol SCTP message fragments. This can lead to unbounded memory growth within the application, causing a Denial of Service DoS...

7.5CVSS6AI score0.0038EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3
NVD
NVD
added last week10 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS0.0037EPSS
Exploits1References5
OSV
OSV
added last week3 views

CVE-2026-59879 Immutable.js `List` 32-bit trie overflow → unrecoverable DoS

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References7
EUVD
EUVD
added last week7 views

EUVD-2026-42318

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:5 p.m.5 views

CVE-2026-55574

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS7AI score0.00789EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/07/06 9:17 a.m.5 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.13 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02806EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.8 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS5.9AI score0.00789EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.8 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS7AI score0.00789EPSS
Exploits0References6
Rows per page
Query Builder