
33 matches found

EUVD
added 2026/03/11 12:14 a.m., 1 views

EUVD-2026-10925

pypdf: manipulated stream length values can exhaust RAM...

CVSS 6.8, AI score 5.8, EPSS 0.00005
Exploits 0, References 4

ATTACKERKB
added 2026/03/10 9:36 p.m., 1 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVSS 6.8, AI score 5.8, EPSS 0.00005
Exploits 0, References 4, Affected Software 1

CNNVD
added 2026/03/10 12:0 a.m., 2 views

pypdf security vulnerability

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.8.0, pypdf had a security vulnerability. This vulnerability stemmed from improper memory usage when parsing PDF content streams...

CVSS 6.8, AI score 5.8, EPSS 0.00005
Exploits 0, References 5

Tenable Nessus
added 2026/02/12 12:0 a.m., 4 views

GitLab 6.3 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-14157)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial...

CVSS 6.5, AI score 5.7, EPSS 0.00077
Exploits 0, References 4

Cvelist
added 2026/01/27 5:52 p.m., 19 views

CVE-2026-0918 Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated...

CVSS 7.1, EPSS 0.00059
Exploits 0, References 7

RedhatCVE
added 2025/12/12 4:13 a.m., 1 views

CVE-2025-14157

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

CVSS 6.5, AI score 6.7, EPSS 0.00077
Exploits 0, References 1

NVD
added 2025/12/11 4:15 a.m., 1 views

CVE-2025-14157

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

CVSS 6.5, EPSS 0.00077
Exploits 0, References 2

EUVD
added 2025/12/11 3:33 a.m., 1 views

EUVD-2025-202661

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

CVSS 6.5, AI score 6.2, EPSS 0.00077
Exploits 0, References 3

Vulnrichment
added 2025/12/11 3:33 a.m., 1 views

CVE-2025-14157 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

CVSS 6.5, AI score 6.3, EPSS 0.00077
Exploits 0, References 2

Cvelist
added 2025/12/11 3:33 a.m., 26 views

CVE-2025-14157 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

CVSS 6.5, EPSS 0.00077
Exploits 0, References 2

CVE
added 2025/12/11 3:33 a.m., 12 views

CVE-2025-14157

CVE-2025-14157 affects GitLab CE/EE: authenticated users could cause a DoS by sending crafted API calls with large content parameters. Affected versions are GitLab 6.3–18.4.5, 18.5.0–18.5.3, and 18.6.0–18.6.1; fixed in GitLab 18.6.2 (and related patch releases). Remediation is to upgrade to the p...

CVSS 6.5, AI score 6.3, EPSS 0.00077
Exploits 0, References 2, Affected Software 1

Snyk
added 2025/12/01 6:2 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the http.client.HTTPResponse.read function when used without arguments. An attacker can exhaust system memory and potentially cause application or system instability by sending a...

CVSS 7.5, AI score 7.3, EPSS 0.00215
Exploits 0, References 2

OSV
added 2025/11/26 11:15 p.m., 0 views

UBUNTU-CVE-2025-64333

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5, AI score 5.8, EPSS 0.00076
Exploits 0, References 4

Vulnrichment
added 2025/11/26 10:57 p.m., 1 views

CVE-2025-64333 Suricata is vulnerable to a stack overflow from big content-type

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5, AI score 6.4, EPSS 0.00076
Exploits 0, References 1

Debian CVE
added 2025/11/26 10:57 p.m., 7 views

CVE-2025-64333

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5, AI score 5.3, EPSS 0.00076
Exploits 0

EUVD
added 2025/11/26 10:57 p.m., 3 views

EUVD-2025-199775

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5, AI score 6.3, EPSS 0.00076
Exploits 0, References 1

OSV
added 2025/11/26 10:57 p.m., 2 views

CVE-2025-64333 Suricata is vulnerable to a stack overflow from big content-type

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5, AI score 6.7, EPSS 0.00076
Exploits 0, References 3

Positive Technologies
added 2025/11/06 12:0 a.m., 1 views

PT-2025-48206

Name of the Vulnerable Software and Affected Versions: Suricata versions prior to 7.0.13; Suricata versions prior to 8.0.2. Description: Suricata, a network IDS, IPS and NSM engine, is susceptible to a stack overflow when logging large HTTP content types. This can lead to Suricata crashing. A...

CVSS 7.8, AI score 6.8, EPSS 0.01059
Exploits 3, References 59

OSV
added 2025/06/17 9:32 p.m., 1 views

GHSA-WGC6-9F6W-H8HX Withdrawn Advisory: microlight allows a denial of service

Withdrawn Advisory: This advisory has been withdrawn because the proof of concept does not demonstrate a practical security impact. This link is maintained to preserve external references. Original Description: A denial of service (DoS) vulnerability has been identified in the JavaScript library...

CVSS 5.1, AI score 5.8, EPSS 0.00084
Exploits 0, References 4

RedhatCVE
added 2025/05/23 6:2 a.m., 1 views

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

CVSS 7.5, AI score 6.7, EPSS 0.00701
Exploits 0, References 1