golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...
SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues: CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...
CVE-2026-45292
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
UBUNTU-CVE-2026-48735
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...
SUSE-SU-2026:2096-1 Security update for yq
This update for yq fixes the following issues: CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc#1241719). CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...
CVE-2026-3603
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit...
PT-2026-43374
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Management versions 7.0.3 Interim Fix 001 through Interim Fix 021; IBM Engineering Lifecycle Management versions 7.1.0 Interim Fix 001 through Interim Fix 009; IBM Engineering Lifecycle Management versions 7.2.0 through...
SUSE-SU-2026:21827-1 Security update for mcphost
This update for mcphost fixes the following issues: CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter (bsc#1264762). CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
CLSA-2026-1779093100 binutils: Fix of 6 CVEs
CVE-2022-38533: fix heap buffer overflow in bfd_getl32 from strip_main with crafted COFF file - CVE-2022-47007: fix memory leak in stab_demangle_v3_arg in stabs.c - CVE-2022-47008: fix memory leak in make_tempdir and make_tempname in bucomm.c - CVE-2022-47010: fix memory leak in pr_function_type in...
Svelte devalue: DoS via sparse array deserialization
devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption...
CVE-2026-8280
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...
CVE-2026-8280 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...
CVE-2026-44577
CVE-2026-44577 affects Next.js self-hosted Image Optimization API when using the default image loader. From 10.0.0 through versions before 15.5.16 and 16.2.5, local images are read entirely into memory without a maximum size limit, enabling potential Out-Of-Memory conditions via requests to /_nex...
Denial Of Service (DoS)
brace-expansion is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...
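The failure mode in the brace-expansion entry is a numeric sequence such as `{1..10..0}`: a loop that advances by the step never reaches the end, and every iteration appends another element. The following is an added example, not brace-expansion's own code, of a numeric `{start..end}` / `{start..end..step}` expander that refuses a zero step and also caps the number of generated items (the `MAX_ITEMS` bound and the regular expression are assumptions of this example). The cap matters independently of the zero-step bug: `{1..999999999}` is a valid pattern that would exhaust memory without any loop defect.

```python
"""Numeric brace-sequence expansion with a zero-step guard and an item cap.
Illustrative example only; not taken from the brace-expansion package."""
import re

# Accepts {start..end} and {start..end..step} with optional negative integers.
# Constructed for this example; real brace expansion also handles letters,
# zero padding and nesting, which are out of scope here.
_SEQ = re.compile(r"^\{(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?\}$")

MAX_ITEMS = 10_000  # hypothetical upper bound on one expansion's output size


def expand_numeric_sequence(pattern: str, max_items: int = MAX_ITEMS) -> list[str]:
    """Expand a numeric brace sequence into its members as strings.

    A pattern that is not a numeric sequence is returned unchanged (as a
    one-element list). Raises ValueError for a zero step or for an expansion
    larger than max_items, instead of looping or allocating without bound.
    """
    m = _SEQ.match(pattern)
    if not m:
        return [pattern]

    start, end = int(m.group(1)), int(m.group(2))
    step = int(m.group(3)) if m.group(3) is not None else 1

    # The vulnerable shape is `i = start; while i <= end: out.append(i); i += step`.
    # With step == 0 the condition never changes, so reject it before any loop.
    if step == 0:
        raise ValueError("brace sequence step must not be zero")
    step = abs(step)  # sign is implied by the direction from start to end

    # Compute the output size arithmetically and compare it against the cap
    # before allocating anything; this also makes the loop below bounded.
    count = abs(end - start) // step + 1
    if count > max_items:
        raise ValueError(f"expansion would produce {count} items (limit {max_items})")

    direction = 1 if end >= start else -1
    return [str(start + i * direction * step) for i in range(count)]
```

Both checks sit before the allocation: a rejected pattern costs a regex match and a few integer operations, which is the property a server expanding attacker-supplied patterns needs.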
Astra Linux - vulnerability in python-django
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter consumes significant memory when dealing with a string representation of a number in scientific notation with a large exponent...
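The Django entry describes an input whose cost is governed by the value of its exponent rather than its length: a twelve-character string like `"1e1000000000"` is cheap to parse as a `Decimal`, but rendering it in fixed-point notation materialises a billion-digit string. The example below is added here and is not Django's floatformat or its fix; it shows a fixed-point formatter that reads the exponent from the compact `Decimal` representation (`adjusted()`) and refuses the input before any expansion happens. The `MAX_EXPONENT` bound is an assumption of this example.

```python
"""Fixed-point number formatting with an exponent guard.
Illustrative example only; not Django's floatformat implementation."""
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP, localcontext

MAX_EXPONENT = 200  # hypothetical bound on the decimal exponent we will expand


def fixed_point(text: str, places: int = 2, max_exponent: int = MAX_EXPONENT):
    """Render a numeric string with `places` decimals, e.g. "1e3" -> "1000.00".

    Returns None when the input is not a finite number or when its magnitude
    would make the fixed-point form enormous. The guard runs on the parsed
    Decimal, which stores coefficient and exponent compactly, so checking a
    string such as "1e1000000000" costs nothing beyond parsing it.
    """
    try:
        d = Decimal(text)
    except InvalidOperation:
        return None
    if not d.is_finite():  # "nan" and "inf" parse successfully but cannot be formatted
        return None

    # adjusted() is the decimal exponent of the most significant digit; the
    # length of format(d, "f") grows linearly with its absolute value.
    if abs(d.adjusted()) > max_exponent:
        return None

    with localcontext() as ctx:
        # Precision sufficient for any accepted input, so quantize never raises
        # for magnitude alone; a huge exponent can no longer reach this point.
        ctx.prec = max_exponent + places + 2
        quantum = Decimal(1).scaleb(-places)  # 10 ** -places
        return format(d.quantize(quantum, rounding=ROUND_HALF_UP), "f")
```

The check is placed on `adjusted()` rather than on the raw string because `Decimal` also accepts forms such as `"0.000...01"` whose danger is in the negative exponent; bounding the absolute value covers both directions.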
Astra Linux - vulnerability in libsoup2.4
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...
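The libsoup entry is the multipart range case: one request header listing the same byte range many times makes the server assemble that many copies of the data. RFC 9110 allows a server to ignore a Range header that contains many small or overlapping ranges, and the added example below (not libsoup's code) implements exactly that policy: a cap on the number of ranges and a rejection of overlapping or duplicate ranges, which together bound the response to at most the size of the resource. `MAX_RANGES` is an assumption of this example.

```python
"""Bounded parsing of an HTTP `Range: bytes=...` header.
Illustrative example only; not libsoup's implementation."""

MAX_RANGES = 16  # hypothetical cap on byte ranges accepted in one request


def parse_ranges(header: str, content_length: int, max_ranges: int = MAX_RANGES):
    """Return a sorted list of inclusive (start, end) byte ranges, or None when
    the Range header should be ignored and the full resource served instead.

    None is returned for a malformed header, an unsatisfiable range, more than
    max_ranges ranges, or any overlap between ranges. Because accepted ranges
    are disjoint and clipped to the resource, their total size can never
    exceed content_length, whatever the client repeats in the header.
    """
    if not header.startswith("bytes="):
        return None
    specs = [s.strip() for s in header[len("bytes="):].split(",")]
    if len(specs) > max_ranges:
        return None

    ranges = []
    for spec in specs:
        if "-" not in spec:
            return None
        first, last = spec.split("-", 1)
        if first == "" and last == "":
            return None
        try:
            if first == "":
                # Suffix form "-N": the last N bytes of the resource.
                n = int(last)
                if n <= 0:
                    return None
                start, end = max(content_length - n, 0), content_length - 1
            else:
                start = int(first)
                end = int(last) if last else content_length - 1
        except ValueError:  # non-numeric, or a digit string too long to convert
            return None
        if start < 0 or end < start or start >= content_length:
            return None
        ranges.append((start, min(end, content_length - 1)))

    # Reject duplicates and overlaps: after sorting, any range that starts at or
    # before the previous one ends would be served (at least partly) twice.
    ranges.sort()
    for (_, prev_end), (next_start, _) in zip(ranges, ranges[1:]):
        if next_start <= prev_end:
            return None
    return ranges
```

Returning None rather than an error keeps the server on the RFC's permitted path of ignoring the header and answering with a plain 200, so a hostile client gains nothing by probing the limits.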
CLEANSTART-2026-OL12277 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing
Multiple security vulnerabilities affect the kor package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...
TencentOS Server 4: nodejs20 (TSSA-2026:0186)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0186 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
OESA-2026-2065 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: CVE-2022-22815, CVE-2022-22816. Pillow is a Python imaging library. Versions 10.3.0...