
1153 matches found

CNNVD
added 2026/05/19 12:0 a.m. | 10 views

Ledger Live Code Issue Vulnerability

Ledger Live is an encrypted asset management application developed by the French company Ledger. Versions of Ledger Live prior to 6.34.7 contained a code vulnerability caused by integer parsing issues. This vulnerability allowed attackers to manipulate EIP-712 type data messages by exploiting...

CVSS 6.9 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1
Microsoft CVE
added 2026/05/15 8:2 a.m. | 18 views

Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

...

CVSS 8.7 | AI score 5.8 | EPSS 0.00431
Exploits: 0
Vulnrichment
added 2026/05/12 2:9 p.m. | 8 views

CVE-2026-42260 Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...

CVSS 8.2 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/11 8:26 p.m. | 11 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1
OSV
added 2026/05/11 7:16 p.m. | 9 views

DEBIAN-CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 7.5 | AI score 5.9 | EPSS 0.00431
Exploits: 0 | References: 1
NVD
added 2026/05/11 7:16 p.m. | 15 views

CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 8.7 | EPSS 0.00431
Exploits: 0 | References: 3
Cvelist
added 2026/05/11 6:6 p.m. | 37 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 8.7 | EPSS 0.00431
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/11 6:6 p.m. | 9 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00431
Exploits: 0 | References: 3
CVE
added 2026/05/11 6:6 p.m. | 19 views

CVE-2026-7790

CVE-2026-7790 : Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...

CVSS 8.7 | AI score 5.9 | EPSS 0.00431
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/05/11 6:6 p.m. | 5 views

EEF-CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Summary: Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00431
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/11 12:0 a.m. | 14 views

PT-2026-39731

Name of the Vulnerable Software and Affected Versions: cowlib versions 0.6.0 through 2.16.0. Description: An uncontrolled resource consumption issue in the cow_http_te module allows for excessive allocation. The chunked transfer-encoding parser accepts an unbounded number of hex digits in the...

CVSS 8.7 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 11
CNNVD
added 2026/05/11 12:0 a.m. | 10 views

Cowlib Resource Management Error Vulnerability

Cowlib is a web protocol message parsing and building library developed by Nine Nines. In versions 0.6.0 to 2.16.1 of Cowlib, there was a resource management error vulnerability. This vulnerability stemmed from the block transfer encoding parser in the cow_http_te module, which allowed unlimited...

CVSS 8.7 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 2
EUVD
added 2026/05/10 12:33 a.m. | 21 views

EUVD-2026-28942

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 3
CVE
added 2026/05/09 9:47 p.m. | 16 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 prior to 9.3sp2 do not block Clang dependency-file generation, enabling argument-injection via attacker-supplied .i64 files to place code into a plugins directory. Root cause: missing validation in dependency-file generation. Impact: local attacker could achieve code ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 2
SUSE CVE
added 2026/05/09 2:39 a.m. | 7 views

SUSE CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files. Michal reported and debugged a NULL pointer dereference bug in the recently added portli debugfs files. Oops is caused when there are more port registers counted ...

AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 3
CNNVD
added 2026/05/09 12:0 a.m. | 10 views

Hex-Rays IDA Pro Argument Injection Vulnerability

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1
Cvelist
added 2026/05/08 10:11 p.m. | 35 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

CVSS 7.7 | EPSS 0.00213
Exploits: 0 | References: 1
CVE
added 2026/05/08 10:11 p.m. | 22 views

CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

CVSS 7.7 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 1
OSV
added 2026/05/08 3:16 p.m. | 5 views

UBUNTU-CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files. Michal reported and debugged a NULL pointer dereference bug in the recently added portli debugfs files. Oops is caused when there are more port registers counted ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 5
OSV
added 2026/05/08 3:16 p.m. | 12 views

UBUNTU-CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read. The q54sj108a2_debugfs_read function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

CVSS 7.8 | AI score 5.9 | EPSS 0.00143
Exploits: 0 | References: 10