521 matches found
CVE-2026-10291
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
Inefficient CPU Computation
Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the BER data parsing process. An attacker can cause excessive resource consumption and service disruption by submitting specially crafted indefinite length encodings. Remediation Upgrade botan to...
Inefficient Algorithmic Complexity
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...
ALSA-2026:18683 Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878 libssh: Write...
EUVD-2026-28800
Absinthe: Quadratic fragment-name uniqueness check...
Security Bulletin: MongoDB Enterprised Advanced affected by: Inefficient Algorithmic Complexity (CVE-2026-27903, CVE-2026-27904)
Summary There are vulnerabilities in minimatch-9.0.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27903, CVE-2026-27904. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utili...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to the computational complexity of attribute name collision checks in XML parsing. An attacker can cause excessive resource consumption by providing specially crafted XML input. Remediation Upgrade...
ROS-20260508-73-0002
Vulnerability in rubygem-activesupport related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Inefficient Algorithmic Complexity
Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...
Denial Of Service (DoS)
Spring Core is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of static resource resolution on Windows file systems, where specially crafted requests can take excessive time to process and hold HTTP connections open, leading to resource exhaustion and servic...
Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance
Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...
Security Bulletin: Multiple vulnerabilities in Python affect AIX
Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509 [CVE-2025-58187]
Summary IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509, due to non-linear processing time of some inputs scale with respect to the size of the certificate CVE-2025-58187. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has...
Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud
Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation process. An attacker can cause excessive CPU usage and resource exhaustion by submitting queries containing thousands of repeated fields with the sam...
ROS-20260410-73-0011
Vulnerability in libssh related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
musl libc 安全漏洞
musl libc is an open-source C language standard library developed by musl. It is primarily used in embedded systems and mobile devices. Versions of musl libc up to 1.2.6 contained security vulnerabilities, which were caused by inefficient algorithms and could lead to local attacks...
Inefficient Algorithmic Complexity
Overview @chenglou/pretext is a Fast, accurate & comprehensive text measurement & layout Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the isRepeatedSingleCharRun function during text analysis. An attacker can cause significant performance...