Lucene search
K

7913 matches found

RedhatCVE
RedhatCVE
added 9 hours ago5 views

CVE-2026-49476

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score
Exploits0References6
Microsoft CVE
Microsoft CVE
added 12 hours ago8 views

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

...

9.1CVSS6.1AI score0.00207EPSS
Exploits0
NVD
NVD
added yesterday5 views

CVE-2026-49476

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday26 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday23 views

CVE-2026-48801 linkify-it: Quadratic algorithmic complexity in LinkifyIt#match scan loop

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has ON² algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday28 views

CVE-2026-48801

Linkify-it (linkify-it) prior to version 5.0.1 has an O(N^2) scan loop in LinkifyIt.prototype.match, making inputs with many fuzzy links or emails vulnerable to resource exhaustion on a request hot path that renders untrusted Markdown with linkify: true. The issue arises from re-slicing input and...

8.7CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS
Exploits0References3
AlpineLinux
AlpineLinux
added yesterday5 views

CVE-2026-59884

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with C...

7.5CVSS6.1AI score
Exploits0
AlpineLinux
AlpineLinux
added yesterday4 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-12588

The CVE-2026-12588 entry describes a DoS condition in HX devices where an attacker with access to HX 10.0.0 and earlier can send specially crafted data to the HX console. The malicious detection triggers decompression of a large file, consuming excessive system resources and causing denial of ser...

6CVSS6.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday7 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS6.9AI score0.02806EPSS
Exploits0References5
OSV
OSV
added yesterday2 views

OPENSUSE-SU-2026:21342-1 Security update for python-soupsieve

This update for python-soupsieve fixes the following issues - CVE-2026-49476: Memory Exhaustion via Large Comma-Separated Selector Lists bsc1271187. - CVE-2026-49477: Regular Expression Denial of Service ReDoS via Selector Parser bsc1271188...

7.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-58105

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The public rank-filter API in the Pillow Python imaging library allows a native heap out-of-bounds write when a very large odd filter size is provided. This occurs because the...

8.2CVSS6.1AI score
Exploits0References8
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

0.00207EPSS
Exploits0References2
CVE
CVE
added 2 days ago17 views

CVE-2026-13221

CVE-2026-13221 affects Perl versions through 5.43.9. When an alternation of more than 65,535 fixed-string branches is compiled into a trie in Perl_study_chunk, the 16‑bit delta between the first branch and the shared tail overflows. The trie’s match decision table is truncated with no warning, pr...

9.1CVSS6.1AI score0.00207EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2 days ago3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS6AI score0.0041EPSS
Exploits0References11
OSV
OSV
added 3 days ago3 views

CVE-2026-56259 Crawl4AI - LLM Credential Exfiltration via base_url and Environment Variable Resolution

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score0.00268EPSS
Exploits0References4
NVD
NVD
added 5 days ago10 views

CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
Rows per page
Query Builder