CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Apache2

If the Apache HTTP Server 2.4.53 is configured to perform transformations using modsed, especially in contexts where the input to modsed can be very large, modsed may cause excessive memory allocation and trigger an abort...

7.5CVSS7.5AI score0.90407EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in lz4

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: The vendor states that “only a few specific/rare uses of the API are at risk.”...

8.1CVSS7.3AI score0.09116EPSS

RedhatCVE•added 2026/06/05 7:24 p.m.•8 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS5.4AI score0.00263EPSS

RedHat Linux•added 2026/06/02 10:29 p.m.•11 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00241EPSS

Exploits0References5

OSV•added 2026/05/26 7:31 p.m.•15 views

JLSEC-2026-547

A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and...

5.5CVSS7.1AI score0.01078EPSS

Exploits0References13

OSV•added 2026/05/21 8:39 p.m.•4 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

8.8CVSS6.3AI score0.00471EPSS

Exploits0References12

Ubuntu•added 2026/05/21 8:39 p.m.•11 views

USN-8294-1: PostgreSQL vulnerabilities

8.8CVSS6.3AI score0.00471EPSS

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в openjpeg2

A flaw was discovered in the opj2decompress program within openjpeg2 2.4.0, particularly in its handling of an input directory containing a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, resulting...

5.5CVSS7AI score0.01078EPSS

OSV•added 2026/05/19 8:53 a.m.•5 views

BIT-MONGODB-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Tenable Nessus•added 2026/05/18 12:0 a.m.•8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021480 advisory. A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...

4.2CVSS5.8AI score0.00304EPSS

Exploits1References4

NVD•added 2026/05/13 4:17 a.m.•5 views

CVE-2026-8202

6.5CVSS0.00263EPSS

OSV•added 2026/05/13 4:17 a.m.•0 views

UBUNTU-CVE-2026-8202

UbuntuCve•added 2026/05/13 4:17 a.m.•6 views

CVE-2026-8202

CVE•added 2026/05/13 12:19 a.m.•47 views

CVE-2026-8202

CVE-2026-8202 affects MongoDB Server prior to certain fixed versions: v7.0 before 7.0.34, v8.0 before 8.0.23, v8.2 before 8.2.9, and v8.3 before 8.3.2. The issue is a post-authentication CPU DoS caused by using a densely populated characters mask with large input strings in the MongoDB aggregatio...

Exploits0References1Affected Software1

Cvelist•added 2026/05/13 12:19 a.m.•56 views

CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

5.3CVSS0.00263EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40286

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00241EPSS

Exploits0References3

Cvelist•added 2026/05/10 3:42 a.m.•50 views

CVE-2026-7568 Signed integer overflow in metaphone()

6.3CVSS0.00241EPSS

Tenable Nessus•added 2026/05/09 12:0 a.m.•4 views

Unity Linux 20.1070e Security Update: openjpeg2 (UTSA-2026-017380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017380 advisory. A flaw was found in the opj2decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a...

5.5CVSS6AI score0.01078EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Netty

The Snappy frame decoder function does not limit the chunk length, which can lead to excessive memory usage. In addition, it may also buffer reserved skipable chunks until the entire chunk is received, which can also result in excessive memory usage. This vulnerability can be exploited by providi...

7.5CVSS6.9AI score0.0628EPSS