Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

BIT-ARGO-WORKFLOWS-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

GHSA-3G76-F9XQ-8VP6 Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

Potential unbounded server-side SNI SslContext cache growth in Vert.x TLS handling, with = resource-exhaustion / DoS impact. On affected versions, matching server-side SNI names are cached via computeIfAbsentserverName, ... in a serverName-keyed SslContext cache. The implementation differs slight...

CLSA-2026-1778255734 dovecot: Fix of 2 CVEs

CVE-2026-27858: bound managesieve-login AUTHENTICATE initial response size to prevent memory exhaustion DoS before authentication - CVE-2025-59032: fix managesieve-login crash when AUTHENTICATE command did not finish on the first call due to literal SASL initial response...

OESA-2026-2194 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

OESA-2026-2192 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance

Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...

Security Bulletin: Vulnerability in platform-python affects IBM Netezza Appliance

Summary The platform-python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-13836 DESCRIPTION: When reading an HTTP response from a server, if no read amount is specified, the default behavior wi...

CVE-2026-35405 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts...

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

Summary For some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. Impact If an application uses Request.post an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...

CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

CVE-2026-20021

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service DoS condition. Thi...