Lucene search
K

692 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-56289

CVE-2026-56289 affects GNU patch. The vulnerability is a DoS caused by improper validation of hunk line offsets in unified-diff input, where a crafted patch can specify an extremely large line number, causing an effectively infinite processing loop and high CPU usage, rendering the process unresp...

5.5CVSS5.9AI score0.00115EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week37 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

6.9CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 7:54 p.m.7 views

EUVD-2026-24973

cut: -s only-delimited ignored when delimiter is a newline...

3.3CVSS6AI score0.00135EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2838 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.CVE-2026-54273 If an attacker sends...

8.7CVSS6AI score0.00322EPSS
Exploits0References9
OSV
OSV
added 2026/07/01 5:40 p.m.2 views

GHSA-J9PP-7WFG-Q7FJ Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines

Summary A memory-safety vulnerability in Open Babel's ChemKin parser caused a NULL pointer dereference when reading a crafted input file. Details The flaw was in ChemKinFormat::ReadReactionQualifierLines. A malformed reaction qualifier record caused the parser to dereference a NULL pointer. Impac...

5.5CVSS5.8AI score0.00187EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/30 2:28 p.m.8 views

CVE-2026-53432

A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service DoS. A local user...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-57451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's te...

6.1CVSS6AI score0.00113EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 7:16 p.m.13 views

CVE-2026-53428

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS0.00142EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:52 p.m.4 views

EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 6:52 p.m.3 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS6.1AI score0.00142EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/29 6:52 p.m.11 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 6:52 p.m.15 views

CVE-2026-53428

Summary: The CVE describes an unbounded memory allocation in the mdex/native codepath when parsing a user-supplied highlight_lines range in Markdown code blocks, enabling a denial-of-service via memory exhaustion. The affected components are mdex (v0.11.0 before 0.12.3) and mdex_native (v0.1.0 be...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 6:50 p.m.14 views

CVE-2026-53427

The CVE-2026-53427 issue is a cross-site scripting vulnerability in leandrocp MDEx exposed via Markdown rendering. When render: full_info_string is enabled, the Lumis adapter copies a code fence’s highlight_lines_class info-string into per-line HTML class attributes, parsing key=value pairs via s...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 6:50 p.m.10 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 6:50 p.m.30 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:50 p.m.4 views

EEF-CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Summary Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: \full\info\string: true\ ar...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 6:50 p.m.2 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS6AI score0.00405EPSS
Exploits0References10
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53306

In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.3CVSS0.00656EPSS
Exploits0References1
Rows per page
Query Builder