579 matches found
CVE-2026-53433
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
EUVD-2026-40303
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
Inefficient Algorithmic Complexity
Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted strin...
Inefficient Algorithmic Complexity
Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string...
libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...
GHSA-WP3C-266W-4QFQ js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals
Summary js-toml versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration performs a BigInt BigInt operation on an accumulator that grows linearl...
Uncontrolled Resource Consumption
pypdf is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to inefficient processing of PDF streams using the /FlateDecode filter with a PNG predictor, where specially crafted PDF content can trigger excessive computation during stream decoding, allowing attackers to cause...
CVE-2026-49460
CVE-2026-49460 affects the Python PDF library pypdf . Prior to version 6.12.2 , processing a PDF that uses a stream with the /FlateDecode filter and a PNG predictor can cause unusually long runtimes. The issue is fixed in 6.12.2 . Impact, in line with the sources, is a denial of service-like slow...
Inefficient Algorithmic Complexity
Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the PackInfo.read function. An attacker can cause excessive CPU consumption by providing a crafted archive with a large number of streams, leading to...
Security Bulletin: Vulnerabilities exists in IBM Netezza Software
Summary Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...
Inefficient Algorithmic Complexity
Overview org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the replaceAt function in the smartquotes rule when processing markdown input with a large number of consecutive quotation mar...
CVE-2026-11478
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...
EUVD-2026-35009
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via evaluation of user-controlled Spring Expression Language SpEL expressions. An attacker can cause denial of service by supplying specially crafted SpEL expressions that trigger excessive CPU or memo...
PT-2026-47240
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...
CVE-2026-11312 bytedance InfiniStore KV Map infinistore.h purge_kv_map algorithmic complexity
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...
CVE-2026-11312
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...
PT-2026-46877
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge kv map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...
CVE-2026-10291
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...