Lucene search
+L

1973 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-62389

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS0.0045EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60379

Name of the Vulnerable Software and Affected Versions affected versions not specified Description When used with the permessage-deflate extension, a WebSocket server or client may accept messages exceeding the configured maximum size. This occurs because the size limit is validated against the...

6.3CVSS5.3AI score
Exploits0References8
OSV
OSV
added 2026/07/09 10:34 p.m.4 views

CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.3 views

openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts

A flaw was found in OpenSSH's Secure Shell Daemon sshd. This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/08 12:20 a.m.38 views

CVE-2026-55432 Coder's sub-agent app registration bypasses template port-sharing policy enforcement

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 12:16 a.m.9 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:14 a.m.7 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6AI score0.00407EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/07/08 12:14 a.m.7 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 11:50 p.m.8 views

CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

4.9CVSS6AI score0.00611EPSS
Exploits0References8
Veracode
Veracode
added 2026/07/07 11:58 a.m.5 views

Improper Authorization

The CreateSubAgent RPC is vulnerable to improper authorization. The vulnerability is due to the failure to validate the requested app sharing level against the template's maximum allowed sharing level before persisting workspace apps, which allows a workspace owner to exceed the...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1956 TensorFlow has Null Pointer Error in SparseSparseMaximum

Impact When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. python import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Patches We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00439EPSS
Exploits1References6
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-21370

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...

5.3CVSS0.0006EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-21379

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS0.0007EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/07/06 9:8 p.m.7 views

Coder's sub-agent app registration bypasses template port-sharing policy enforcement

Summary The CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Note: Exploitation requires the ability to register sub-agent apps in...

5.4CVSS6AI score0.00315EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 8:54 p.m.6 views

GHSA-F962-QM93-MJ4C Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

4.9CVSS6AI score0.00611EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:43 p.m.4 views

GHSA-GV83-GQW6-9J2C GoFiber never set HSTS header in helmet middleware due to incorrect protocol check

Summary The helmet middleware in gofiber/fiber never sets the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is explicitly configured, because the condition check at helmet.go:67 uses c.Protocol — which returns the HTTP protocol version string e.g., "HTTP/1.1", "HTTP/2.0" —...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/06 8:9 p.m.5 views

EUVD-2026-41929

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS6AI score0.0007EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2026-21379

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS6AI score0.0007EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.5 views

CVE-2026-21370

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:9 p.m.5 views

EUVD-2026-41928

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References1
Rows per page
Query Builder