Lucene search
K

5669 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.18 views

SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...

7.5CVSS7.1AI score0.00781EPSS
Exploits1References13
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:37 p.m.11 views

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS5.8AI score0.00791EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2026/05/28 4:16 p.m.11 views

UBUNTU-CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:20 p.m.8 views

SUSE-SU-2026:2096-1 Security update for yq

This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References9
NVD
NVD
added 2026/05/26 7:16 p.m.16 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...

7.1CVSS0.00354EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43374

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 Interim Fix 001 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 Interim Fix 001 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 11:51 a.m.13 views

SUSE-SU-2026:21827-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

9.1CVSS6.7AI score0.01557EPSS
Exploits3References13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter consumes significant memory when dealing with a string representation of a number in scientific notation with a large exponent...

7.5CVSS6.7AI score0.012EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 8:31 a.m.10 views

CLSA-2026-1779093100 binutils: Fix of 6 CVEs

CVE-2022-38533: fix heap buffer overflow in bfdgetl32 from stripmain with crafted COFF file - CVE-2022-47007: fix memory leak in stabdemanglev3arg in stabs.c - CVE-2022-47008: fix memory leak in maketempdir and maketempname in bucomm.c - CVE-2022-47010: fix memory leak in prfunctiontype in...

6.5CVSS6.8AI score0.00895EPSS
Exploits4References1
Github Security Blog
Github Security Blog
added 2026/05/14 8:23 p.m.12 views

Svelte devalue: DoS via sparse array deserialization

devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/14 6:16 a.m.24 views

CVE-2026-8280

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...

6.5CVSS0.00295EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 5:33 a.m.8 views

CVE-2026-8280 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 5:0 p.m.42 views

CVE-2026-44577

CVE-2026-44577 affects Next.js self-hosted Image Optimization API (default image loader) from versions 10.0.0 up to before 15.5.16 and 16.2.5. The vulnerability causes the API to fetch local images entirely into memory without a maximum size limit, enabling potential Out-Of-Memory conditions when...

7.5CVSS5.8AI score0.00705EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2026/05/07 6:23 p.m.18 views

Denial Of Service (DoS)

brace-expansion is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...

7.5CVSS6.2AI score0.0043EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/04/30 1:1 a.m.8 views

CLEANSTART-2026-OL12277 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the kor package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

9.8CVSS7.3AI score0.00804EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.14 views

TencentOS Server 4: nodejs20 (TSSA-2026:0186)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0186 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS7.7AI score0.0115EPSS
Exploits0References5
OSV
OSV
added 2026/04/25 5:49 a.m.7 views

OESA-2026-2065 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. of CVE-2022-22815,CVE-2022-22816 Security Fixes: Pillow is a Python imaging library. Versions 10.3.0...

8.7CVSS5.4AI score0.00671EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/24 9:30 a.m.22 views

Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/04/24 2:31 a.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via DoRequestAsync. An attacker in control of a configured endpoint can cause excessive memory consumption and potentially terminate the process by supplying a large HTTP response bod...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.17 views

PT-2026-34868

Name of the Vulnerable Software and Affected Versions Tempo affected versions not specified Description Queries with large limits can cause excessive memory allocations, which may impact service availability depending on the deployment strategy. Recommendations Set the max result limit in the...

7.5CVSS5.9AI score0.00645EPSS
Exploits0References12
Rows per page
Query Builder