CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2 days ago•5 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

RedHat Linux•added 3 days ago•6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

6.5CVSS7.2AI score0.00043EPSS

Fedora•added 2026/05/23 12:58 a.m.•7 views

[SECURITY] Fedora 44 Update: perl-Apache-Session-Browseable-1.3.19-1.fc44

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster...

6.5CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•5 views

PT-2026-42752

This release brings a built-in Markdown editor, with both visual and source modes, plus support for tables, task lists, images, code blocks, file locking, and unsaved-change protection. It also adds optional trash retention, storage quota synchronization via LDAP/OIDC, improved file editing and...

5.9AI score

RedHat Linux•added 2026/05/20 1:36 p.m.•8 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

RedHat Linux•added 2026/05/20 11:57 a.m.•8 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: sched: Fixed out-of-bound access in uclamp. Util-clamp places tasks into different buckets based on their clamp values for performance reasons. However, the size of the buckets is currently computed using a rounding division, whi...

7.1CVSS6.4AI score0.00121EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A array indexing vulnerability was discovered in the netfilter subsystem of the Linux kernel. The absence of a certain macro could lead to an incorrect calculation of the offset of the h-nets array, giving attackers the ability to arbitrarily increment/decrement a memory buffer beyond its bounds...

7.8CVSS6.8AI score0.00014EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tpm2-sessions: Fixed out-of-range indexing in namesize. The namesize field does not have any range checks; it simply indexes using TPMALGID. This could lead to memory corruption in extreme cases. The issue is addressed by only...

5.8AI score0.0004EPSS

Fedora•added 2026/05/19 4:20 p.m.•10 views

[SECURITY] Fedora 44 Update: python-pysam-0.24.0-1.fc44

pysam - a python module for reading, manipulating and writing genomic data sets.pysam is a lightweight wrapper of the htslib C-API and provides faciliti es to read and write SAM/BAM/VCF/BCF/BED/GFF/GTF/FASTA/FASTQ files as well as access to the command line functionality of the samtools and...

9.8CVSS5.8AI score0.00122EPSS

CNNVD•added 2026/05/19 12:0 a.m.•5 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...

7.1CVSS6AI score0.00047EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•11 views

PT-2026-41862

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00054EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41964

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

5.4CVSS5.7AI score

Exploits0References3

Packet Storm News•added 2026/05/15 12:0 a.m.•5 views

Faraday 5.21.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.8AI score

RedHat Linux•added 2026/05/13 1:20 p.m.•9 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

Redos•added 2026/05/12 12:0 a.m.•5 views

ROS-20260512-73-0009

Vulnerability in beats related to unchecked array indexing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

6.5CVSS5.8AI score0.00056EPSS