Lucene search
+L

268 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-30922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursio...

7.5CVSS6.8AI score0.00803EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/17 4:17 p.m.7 views

Denial of Service in pyasn1 via Unbounded Recursion

Summary The pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. This...

7.5CVSS7.1AI score0.00803EPSS
Exploits1References8Affected Software1
Snyk
Snyk
added 2026/03/17 4:17 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding ASN.1 data. An attacker can cause the application to crash or exhaust system memory by supplying specially crafted ASN.1 data with deeply nested SEQUENCE or SET tags using indefinite Length markers...

8.7CVSS7.2AI score0.00803EPSS
Exploits1References2
OSV
OSV
added 2026/03/17 4:17 p.m.6 views

GHSA-JR27-M4P2-RC6R Denial of Service in pyasn1 via Unbounded Recursion

Summary The pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. This...

7.5CVSS7.1AI score0.00803EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.13 views

PT-2026-25973

Name of the Vulnerable Software and Affected Versions pyasn1 versions prior to 0.6.3 Description The pyasn1 library is susceptible to a Denial of Service DoS attack stemming from uncontrolled recursion when decoding ASN.1 data containing deeply nested structures. An attacker can craft a payload...

7.8CVSS7.1AI score0.00803EPSS
Exploits1References264
ATTACKERKB
ATTACKERKB
added 2026/03/03 5:0 a.m.5 views

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.5 views

CVE-2026-28268

Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a...

9.8CVSS6AI score0.00673EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 6:28 p.m.25 views

CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...

7.5CVSS0.00312EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/19 8:32 p.m.4 views

Improper Handling of Windows Device Names

Overview Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safejoin function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name. Notes: 1 This is only vulnerable on Windows,...

6.3CVSS6.4AI score0.00556EPSS
Exploits1References2
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4488 webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go

webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go...

7.5CVSS5.4AI score0.00413EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/12 8:1 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...

8.7CVSS5.6AI score0.00709EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/07 5:47 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...

8.2CVSS5.6AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.14 views

PT-2026-6179

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s fs/writeback functionality, specifically within the wait sb inodes function. The issue involves skipping AS NO DATA INTEGRITY mappings, which can caus...

5.5AI score0.00111EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/11 12:58 a.m.14 views

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...

8.1CVSS6.7AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 5:19 p.m.7 views

GHSA-PVCV-Q3Q7-266G Filament multi-factor authentication (app) recovery codes can be used multiple times

A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and...

8.1CVSS5.5AI score0.00312EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2020-28196)

MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit. This plugin only works with Tenable.ot. Please visit...

7.5CVSS7.4AI score0.04365EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.2 views

Malicious code in lina-empal6-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69ee9be93d7a863085ad8ae797a8526effc3350e9f235db89760a3aae98d7bfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 12:41 a.m.2 views

MAL-2025-67255 Malicious code in coastal-cyan-seahorse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fca3a7b462db2e0c9bdd74555f00f28c29f87cfdc0f55b424281c3bd93ae4ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
NVD
NVD
added 2025/10/16 11:15 a.m.10 views

CVE-2025-3930

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS0.00633EPSS
Exploits0References4
Talos
Talos
added 2025/10/16 12:0 a.m.9 views

Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability

Talos Vulnerability Report TALOS-2025-2142 Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability October 16, 2025 CVE Number None SUMMARY A stack overflow vulnerability exists in the GetIndefiniteElementLen functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1...

7.5AI score
Exploits0
Rows per page
Query Builder