782 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-8202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with...
CVE-2026-44432
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
CVE-2026-44432
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
CVE-2026-8202
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-32936
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...
RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
PT-2026-36036
NEW THREAT INTEL: Qinglong Auth Bypass Chain to RCE - CVE-2026-3965 + CVE-2026-4047 CVSS 9.3 chained for unauth RCE on Qinglong = 2.20.1, dropping .fullgc cryptominer. 9 detections, 20 IOCs. https://t.co/dXJBNXiie3 ThreatIntel CyberSecurity RCE CVE https://t.co/PmenIBo9jX...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
OESA-2026-2059 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
CVE-2026-41146 facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...
facil.io 资源管理错误漏洞
facil.io is a C-language high-performance web application microframework developed by Bo’s individual developer. Facil.io has a resource management vulnerability; this vulnerability arises when fiojsonparse enters an infinite loop upon encountering nested JSON values that start with “i” or “I”,...
js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document
A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...
SUSE SLES15 Security Update : bind (SUSE-SU-2026:1428-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1428-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the...
Security update for bind
This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Regular Expression Denial Of Service
fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:1366-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1366-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...