Lucene search
+L

582 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.10 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9AI score0.00939EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 8:2 p.m.36 views

Inefficient CPU Computation

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/27 7:33 p.m.11 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the BER data parsing process. An attacker can cause excessive resource consumption and service disruption by submitting specially crafted indefinite length encodings. Remediation Upgrade botan to...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.4 views

The vulnerability of the minimatch library on the Node.js software platform lies in the use of a regular expression with inefficient computational complexity, which allows attackers to trigger a service failure.

The vulnerability of the minimatch library on the Node.js software platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...

7.8CVSS6.5AI score0.00472EPSS
Exploits1References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.6 views

The vulnerability of the minimatch library on the Node.js software platform lies in the use of a regular expression with inefficient computational complexity, which allows attackers to trigger a service failure.

The vulnerability of the minimatch library on the Node.js software platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...

7.8CVSS6.5AI score0.00519EPSS
Exploits1References7Affected Software4
Snyk
Snyk
added 2026/05/22 5:42 p.m.12 views

Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by providi...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 12:0 a.m.15 views

ALSA-2026:18683 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878 libssh: Write...

8.2CVSS7.2AI score0.00582EPSS
Exploits0References22
EUVD
EUVD
added 2026/05/14 1:8 p.m.22 views

EUVD-2026-28800

Absinthe: Quadratic fragment-name uniqueness check...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/11 6:24 p.m.12 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Inefficient Algorithmic Complexity (CVE-2026-27903, CVE-2026-27904)

Summary There are vulnerabilities in minimatch-9.0.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27903, CVE-2026-27904. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utili...

7.5CVSS7.1AI score0.00517EPSS
Exploits2Affected Software1
Snyk
Snyk
added 2026/05/10 8:12 a.m.11 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to the computational complexity of attribute name collision checks in XML parsing. An attacker can cause excessive resource consumption by providing specially crafted XML input. Remediation Upgrade...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
Redos
Redos
added 2026/05/08 12:0 a.m.12 views

ROS-20260508-73-0002

Vulnerability in rubygem-activesupport related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.9CVSS5.8AI score0.00498EPSS
Exploits0
Snyk
Snyk
added 2026/05/05 9:12 p.m.9 views

Inefficient Algorithmic Complexity

Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...

8.7CVSS5.8AI score0.00433EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/29 10:20 a.m.15 views

Denial Of Service (DoS)

Spring Core is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of static resource resolution on Windows file systems, where specially crafted requests can take excessive time to process and hold HTTP connections open, leading to resource exhaustion and servic...

5.3CVSS5.3AI score0.00341EPSS
Exploits0References4Affected Software3
RedHat Linux
RedHat Linux
added 2026/04/24 2:38 a.m.11 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.2AI score0.00349EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 10:46 a.m.10 views

Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance

Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...

7.5CVSS5.8AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:5 p.m.11 views

Security Bulletin: Multiple vulnerabilities in Python affect AIX

Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...

6.3CVSS5.8AI score0.00708EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:54 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509 [CVE-2025-58187]

Summary IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509, due to non-linear processing time of some inputs scale with respect to the size of the certificate CVE-2025-58187. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has...

7.5CVSS6.8AI score0.00384EPSS
Exploits0Affected Software1
Wiz blog
Wiz blog
added 2026/04/14 12:0 p.m.4 views

Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud

Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/14 1:5 a.m.4 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation process. An attacker can cause excessive CPU usage and resource exhaustion by submitting queries containing thousands of repeated fields with the sam...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

musl libc 安全漏洞

musl libc is an open-source C language standard library developed by musl. It is primarily used in embedded systems and mobile devices. Versions of musl libc up to 1.2.6 contained security vulnerabilities, which were caused by inefficient algorithms and could lead to local attacks...

4.8CVSS5.7AI score0.00227EPSS
Exploits1References7
Rows per page
Query Builder