Lucene search
K

11669 matches found

CVE
CVE
added 3 hours ago4 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 7 hours ago5 views

nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...

7.5CVSS6.4AI score0.00656EPSS
Exploits0References5
NVD
NVD
added 10 hours ago4 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

Exploits0References3
CVE
CVE
added 10 hours ago9 views

CVE-2026-14803

CVE-2026-14803 affects Mojo::JSON versions before 9.47 for Perl, enabling memory exhaustion via unbounded recursion in the pure-Perl decoder. The recursive path in _decode_value->(_decode_array|_decode_object) has no depth limit, so deeply nested, untrusted JSON can exhaust memory and induce D...

6AI score
Exploits0References3
Cvelist
Cvelist
added 10 hours ago7 views

CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

Exploits0References2
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6AI score
Exploits0References2
CVE
CVE
added 3 days ago24 views

CVE-2026-11586

The CVE-2026-11586 issue affects curl’s WebSocket handling: curl auto-responds to PING frames and has no upper bound on memory allocation for unacknowledged frames, enabling memory exhaustion via rapid PING floods. Affected are curl versions prior to 8.21.0 (e.g., 8.16.0). Remediation: upgrade to...

6AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

6AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-48044

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted, highly compressed zstd payload to an Envoy proxy with zstd decompression enabled. This can lead to massive memory allocation, causing severe memory...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41417

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-58465 Eclipse Wakaama CoAP Block1 Handler Unbounded Memory Allocation DoS

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS0.00555EPSS
Exploits0References4
CVE
CVE
added 4 days ago14 views

CVE-2026-58465

The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
OSV
OSV
added 4 days ago2 views

SUSE-SU-2026:2673-1 Security update for bind

This update for bind fixes the following issues: Security issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free vulnerabilit...

9.8CVSS6.7AI score0.01844EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-11946

A flaw was found in open62541. An unauthenticated remote attacker can exploit a vulnerability in the GetEndpoints Discovery Service by sending a malformed request with an excessively long, unvalidated endpointUrl field. This can lead to the server buffering large amounts of data indefinitely,...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score0.00386EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS0.00386EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS0.00386EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-11946

CVE-2026-11946 affects open62541 (1.4.0–1.4.16, 1.5.0–1.5.4, master). An unauthenticated remote attacker can exhaust server memory through GetEndpoints by sending an oversized endpointUrl in GetEndpointsRequest; length is not validated, allowing ~4.09 GB strings split across chunks, buffered in R...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References3
Rows per page
Query Builder