Lucene search
+L

782 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-8202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/13 4:16 p.m.13 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:17 p.m.14 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:19 a.m.8 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/05 8:16 p.m.9 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00672EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.12 views

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

9.1CVSS5.8AI score0.01386EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

9.1CVSS5.8AI score0.01386EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/29 11:27 a.m.11 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS4.8AI score0.00426EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-36036

NEW THREAT INTEL: Qinglong Auth Bypass Chain to RCE - CVE-2026-3965 + CVE-2026-4047 CVSS 9.3 chained for unauth RCE on Qinglong = 2.20.1, dropping .fullgc cryptominer. 9 detections, 20 IOCs. https://t.co/dXJBNXiie3 ThreatIntel CyberSecurity RCE CVE https://t.co/PmenIBo9jX...

6.5CVSS6.8AI score0.00441EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/28 7:54 a.m.6 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS5.6AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/28 7:43 a.m.15 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS4.8AI score0.00426EPSS
Exploits0References6
OSV
OSV
added 2026/04/25 5:49 a.m.5 views

OESA-2026-2059 bind security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS8.7AI score0.01545EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 1:7 a.m.32 views

CVE-2026-41146 facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...

8.7CVSS0.00294EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

facil.io 资源管理错误漏洞

facil.io is a C-language high-performance web application microframework developed by Bo’s individual developer. Facil.io has a resource management vulnerability; this vulnerability arises when fiojsonparse enters an infinite loop upon encountering nested JSON values that start with “i” or “I”,...

8.7CVSS5.8AI score0.00294EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/21 5:31 p.m.2 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/04/18 12:0 a.m.3 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:1428-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1428-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/17 10:0 a.m.4 views

Security update for bind

This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS7.4AI score0.01545EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/17 8:17 a.m.10 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/16 12:52 p.m.5 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:1366-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1366-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...

7.5CVSS7.3AI score0.01545EPSS
Exploits0References4
Rows per page
Query Builder