Lucene search
K

8213 matches found

Cvelist
Cvelist
added 2026/07/02 7:33 a.m.37 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS0.00366EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:33 a.m.8 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55275

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Fiber versions prior to 2.52.14 Description The BalancerForward proxy helper in middleware/proxy/proxy.go uses the Header.Add function instead of Header.Set when injecting the X-Real-IP header. This behavior appen...

5.3CVSS6AI score0.00455EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.36 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

0.00451EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55049

Name of the Vulnerable Software and Affected Versions Simple URLs versions prior to 152 Description Cross Site Scripting XSS occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing an attacker to execute malicious scripts in the victim's...

5.9CVSS6AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-54936

Name of the Vulnerable Software and Affected Versions Eclipse Parsson versions prior to 1.1.8 Description The JSON parser does not enforce a default maximum on the number of characters consumed when parsing a single JSON document. This allows an attacker to provide specially crafted JSON document...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-20243

Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip expected scan-limit handling...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-20216

Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 9:59 p.m.2 views

GHSA-J48M-H7XQ-2XPJ goshs: Share-link ?token=… redemption races past download limit

Share-link ?token=… redemption races past download limit Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: 0 || entry.DownloadLimit == -1 // ...serve file... // = current.DownloadLimit deletefs.SharedLinks, token fs.sharedLinksMu.Unlock Between line 978 RUnlock and...

5.9CVSS5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 12:13 p.m.5 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.5 views

axios: Axios: Denial of Service due to unenforced request and response size limits

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 12:16 a.m.7 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.4 views

PT-2026-55218

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description A race condition exists in the ShareHandler when processing share-link redemptions. The system reads the DownloadLimit of a share token using a read lock, releases it to serve the file, and only then...

5.9CVSS6AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:37 p.m.5 views

CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.8 views

qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

6.3CVSS6.7AI score0.0041EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53972

Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...

7.4CVSS6.1AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 10:56 p.m.8 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00451EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/29 10:9 p.m.25 views

CVE-2026-7656 Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS0.00205EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/29 8:27 p.m.4 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS5.9AI score0.00451EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/29 5:17 p.m.38 views

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS0.00192EPSS
Exploits0References4
Rows per page
Query Builder