Lucene search
K

7233 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-57918

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::X509 versions prior to 2.1.3 Description A heap out-of-bounds read occurs when processing a long certificate extension Object Identifier OID in hv exts. This happens during the construction of the extension hash through the...

6.1AI score0.00106EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57209

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.10.0-lts Description An issue exists where the tool import functionality in apps/tools/serializers/tool.py and the MCP referencing mode in apps/application/chat pipeline/step/chat step/impl/base chat step.py do not...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Langflow < 1.0.19 DoS (CVE-2026-55446)

The version of Langflow installed on the remote host is prior to 1.0.19. It is, therefore, affected by a denial of service vulnerability: - An attacker can send a /api/v1/files/upload/ request without any authentication and abuse a very long multipart form boundary to make the Langflow applicatio...

7.5CVSS6.2AI score0.00321EPSS
Exploits1References2
CVE
CVE
added last week9 views

CVE-2026-59937

CVE-2026-59937 affects the Python PDF library pypdf prior to 6.14.0. A crafted PDF with repeated malformed cross-reference streams can cause pypdf to spend long runtimes recovering broken cross-reference table entries, resulting in high impact on availability. The issue is fixed in version 6.14.0...

7.5CVSS6AI score0.00345EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-59937 pypdf: Possible long runtimes for repeated malformed cross-reference entries

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

6.9CVSS0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-59937

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...

6.9CVSS6AI score0.00345EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added last week4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-54268

A flaw was found in the @angular/common package of the Angular framework. A remote attacker could exploit a Denial of Service DoS vulnerability in the formatDate function, which is also used by the Angular DatePipe, by providing an excessively long and maliciously crafted date format string. This...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References6
CVE
CVE
added last week12 views

CVE-2026-59925

The CVE-2026-59925 affects Mistune, a Python Markdown parser. Before version 3.3.0, long sequences of well-formed emphasis markers (/x / or /x * around a character) trigger quadratic work in src/mistune/inline_parser.py by scanning for matching close markers from each opening run, enabling denial...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-42335

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added last week36 views

CVE-2026-59925 inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS0.00358EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added last week4 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
NVD
NVD
added last week8 views

CVE-2026-10708

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the...

7.5CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-10708

CVE-2026-10708 — Summary (Adalo platform) Affected: Adalo’s database API across V1/V2 applications (notably via a minimal leaderboard component). Root cause: Wildcard Cross‑Origin Resource Sharing (CORS), long‑lived JWTs (~20 days) stored client‑side, and absence of token revocation/ownership che...

7.5CVSS6AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-10708 Insufficiently Protected Credentials

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the...

0.00158EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added last week5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/08 12:37 a.m.9 views

EUVD-2026-42127

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

6AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56422

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.5CVSS6.1AI score0.00338EPSS
Exploits0References3
Rows per page
Query Builder