CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...

6.3CVSS5.9AI score0.00231EPSS

Exploits0References1

Cvelist•added 5 days ago•20 views

CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

6.3CVSS0.00231EPSS

Exploits0References1

RedhatCVE•added 2026/04/20 7:22 p.m.•5 views

CVE-2026-40303

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

7.5CVSS5.8AI score0.00453EPSS

Exploits0References1

NVD•added 2026/04/17 9:16 p.m.•9 views

CVE-2026-40303

7.5CVSS0.00453EPSS

Exploits0References2

Positive Technologies•added 2026/04/16 12:0 a.m.•8 views

PT-2026-33379

Name of the Vulnerable Software and Affected Versions zrok versions prior to 2.0.1 Description The GetSessionCookie function in the endpoints module parses an attacker-supplied cookie chunk count and calls makestring, count without an upper bound before token validation. This occurs on every...

7.5CVSS6AI score0.00453EPSS

Exploits0References9

Packet Storm•added 2026/02/03 12:0 a.m.•145 views

📄 Chromium Memory Corruption Trigger Simulation

This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...

6.5CVSS6.1AI score0.00224EPSS

Exploits1

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-23882

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00533EPSS

Exploits0References3

SUSE CVE•added 2025/08/07 11:22 p.m.•4 views

SUSE CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

5.3CVSS6.8AI score0.00533EPSS

Exploits0References7

OSV•added 2025/08/06 9:31 p.m.•3 views

GHSA-VH9X-PHQ6-FX54 Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references. Original Description Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include ...

6.9CVSS6.2AI score0.00533EPSS

Exploits0References5

Github Security Blog•added 2025/08/06 9:31 p.m.•9 views

Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS6.2AI score0.00533EPSS

Exploits0References5Affected Software1

OSV•added 2025/08/06 9:15 p.m.•2 views

CVE-2025-47908

7.5CVSS5.8AI score0.00533EPSS

Exploits0References3

NVD•added 2025/08/06 9:15 p.m.•5 views

CVE-2025-47908

7.5CVSS0.00533EPSS

Exploits0References3

Cvelist•added 2025/08/06 8:41 p.m.•6 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

0.00533EPSS

Exploits0References3

Vulnrichment•added 2025/08/06 8:41 p.m.•5 views

CVE-2025-47908 Denial of service via malicious preflight requests in github.com/rs/cors

6.3AI score0.00533EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 3:9 a.m.•3 views

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00083EPSS

Exploits0References1

Veracode•added 2024/07/08 7:28 a.m.•10 views

Denial Of Service (DoS)

github.com/rs/cors is vulnerable to Denial of Service DoS. The vulnerability is due to excessive heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers ACRH header with many commas, which allows attackers can cause undue stress on the...

7AI score

Exploits0

OSV•added 2024/07/05 7:42 p.m.•5 views

GHSA-MH55-GQVF-XFWM Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References6

Github Security Blog•added 2024/07/05 7:42 p.m.•13 views

Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References6Affected Software1

OSV•added 2024/07/02 7:20 p.m.•20 views

GO-2024-2883 Denial of service via malicious preflight requests in github.com/rs/cors

7.5CVSS7AI score0.00533EPSS

Exploits0References2

Positive Technologies•added 2024/07/02 12:0 a.m.•5 views

PT-2025-32214 · Unknown · Middleware

Name of the Vulnerable Software and Affected Versions: Middleware affected versions not specified Description: The middleware experiences excessive heap allocations when handling malicious preflight requests containing a large number of commas within the Access-Control-Request-Headers ACRH header...

7.5CVSS6.1AI score0.00533EPSS

Exploits0References17

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by