Lucene search
K

138 matches found

OSV
OSV
added last week2 views

PYSEC-2026-982 TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`

Impact When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=4,, dtype=tf.int32, maxval=65536 arg1=tf.random.uniformshape=4, 4, 4, 4, 4, dtype=tf.float32, maxval=None...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.3 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 4:11 p.m.33 views

CVE-2025-32394 AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the...

5.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:9 p.m.13 views

CVE-2025-32423

AutoGPT contains a DoS vulnerability in the ExtractTextInformationBlock prior to version 0.6.32. Malicious input amplification can cause a server to consume excessive memory (e.g., 10 KB input leading to ~50 GB memory usage), exhausting resources and causing DoS. The issue is fixed in 0.6.32. Aff...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculations, the library may incorrectly calculate buffer boundaries. This can lead to memory writes outside of the allocated buffer. Applications...

4.2CVSS5.9AI score0.00304EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...

7.5CVSS6.8AI score0.25327EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in openssl1.0

Calls to the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions may cause the output length argument to overflow in some cases where the input length is close to the maximum permissible length for integers on the platform. In such cases, the return value from the function call will...

7.5CVSS6.6AI score0.50732EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 2:16 p.m.20 views

ALPINE-CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/14 1:18 p.m.9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escapeandappend function in the document-builder API when processing very large input strings on platforms with limited sizet width. An attacker can cause out-of-bounds memory reads, potentially...

6.9CVSS5.8AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 10:27 a.m.15 views

EUVD-2026-30265

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "stringbuilder::escapeandappend" when processing very large input strings on platforms with limited "sizet" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

6.9CVSS5.9AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40301

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References3
OSV
OSV
added 2026/05/09 12:32 p.m.8 views

OESA-2026-2231 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpuuserqsignalioctl can lead to a OOM and could be exploited. So check...

5.5CVSS6.2AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/04/26 1:19 p.m.10 views

CVE-2018-25275

CVE-2018-25275 affects Faleemi Plus 1.0.2 and describes a local buffer overflow that can crash the application. A 2000-byte payload pasted into the Camera name and DID number fields during camera addition is reported to trigger the crash. The connected records confirm the vulnerability and its lo...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/13 5:23 p.m.5 views

CVE-2026-31423

A flaw was found in the Linux kernel's Hierarchical Fair Service Curve HFSC network scheduler. When processing specific large input values, a calculation error can cause a variable to be truncated to zero. This zero value is then used as a divisor, leading to a divide-by-zero error and a system...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References4
OSV
OSV
added 2026/04/13 5:38 a.m.2 views

BIT-ELK-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 6:34 p.m.5 views

EUVD-2026-20521

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 6:26 p.m.10 views

CVE-2026-33459

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 8:16 p.m.3 views

DEBIAN-CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...

5.9CVSS4.8AI score0.00275EPSS
Exploits1References1
Rows per page
Query Builder