CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/12 9:20 p.m.•7 views

Denial of Service (DoS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of resource requests. An attacker can cause the application to become unresponsive by sending specially crafted requests that...

8.7CVSS5.8AI score0.0002EPSS

RedhatCVE•added 2026/05/09 1:45 a.m.•8 views

CVE-2026-43469

A flaw was found in the Linux kernel's xprtrdma component. This vulnerability occurs when the rpcrdmapostrecvs function fails to create a work request or exits prematurely, leading to the rereceiving counter not being decremented. This improper resource handling can cause the system to hang...

7.5CVSS5.8AI score0.0007EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way pa works we have: pa0x8000000000000000 == 0, and therefore virttopfn0x8000000000000000 == ...

5.5CVSS6AI score0.00016EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add addpages override for PPC With commit ffa0b64e3be5 "powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit" the kernel now validate the addr against highmemory value. This results in the below BUGON with da...

5.5CVSS6.5AI score0.00143EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

5.7AI score0.00029EPSS

Exploits0References1

Snyk•added 2026/04/08 10:12 p.m.•3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

8.2CVSS5.8AI score0.00007EPSS

Veracode•added 2026/03/21 5:27 a.m.•3 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to inefficient decoding of array-based streams, where accessing an array-based stream with many entries leads to long runtimes and large memory usage, and attackers can exploit it by crafting a malicious PDF with a large array-bas...

6.5CVSS5.8AI score0.00014EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/20 10:16 a.m.•1 views

UBUNTU-CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

6.5CVSS5.7AI score0.00014EPSS

Exploits0References5

CNNVD•added 2026/03/20 12:0 a.m.•4 views

pypdf 安全漏洞

pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.9.1 contained security vulnerabilities, which stemmed from defects in processing malicious PDFs. These vulnerabiliti...

6.5CVSS5.8AI score0.00014EPSS

Exploits0References4

Positive Technologies•added 2026/02/27 12:0 a.m.•3 views

PT-2026-22400

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.4 Description The pypdf library is susceptible to a resource exhaustion issue. An attacker can create a specially crafted PDF file that causes excessive memory usage when processed using the RunLengthDecode filter...

6.9CVSS5.7AI score0.00019EPSS

Exploits0References23

RedHat Linux•added 2026/02/25 11:48 a.m.•4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00043EPSS

Exploits1References8

RedHat Linux•added 2026/02/16 11:40 a.m.•4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

Amazon•added 2026/02/05 12:0 a.m.•2 views

Important: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9CVSS5.7AI score0.00032EPSS

Exploits0

RedHat Linux•added 2026/02/03 10:17 a.m.•2 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

RedHat Linux•added 2026/02/02 3:25 p.m.•7 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

RedHat Linux•added 2026/02/02 6:47 a.m.•4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

RedHat Linux•added 2026/01/28 3:32 p.m.•5 views

urllib3: urllib3 Streaming API improperly handles highly compressed data