Lucene search
+L

425 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44156

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.26.0 Description The built-in strip html filter uses a regular expression containing four flawed lazy-quantified alternatives. When processing input with numerous script, style, or !-- opener tokens that lack...

7.5CVSS5.2AI score0.00385EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.21 views

PT-2026-44154

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.26.0 Description An issue exists in the date filter's strftime implementation where width specifiers, such as %9999999d, are parsed and passed unchecked into the pad and padStart functions. In the...

7.5CVSS5.2AI score0.00385EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from a WebSocket client that does not set an upper limit on memory consumption, potentially leading to resource exhaustion...

8.7CVSS5.8AI score0.00825EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/20 2:0 p.m.19 views

kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

7.8CVSS6.6AI score0.00168EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Fedora 44 : python-django6 (2026-de6e24ae07)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-de6e24ae07 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.9AI score0.00879EPSS
Exploits1References10
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 1:28 p.m.25 views

CVE-2026-42006

CVE-2026-42006 affects Dovecot IMAP servers; the issue is uncontrolled memory usage caused by excessive bracing over IMAP, arising from an incomplete fix to CVE-2026-27857. Public advisories across multiple distros (Debian, Ubuntu, Fedora, SUSE) document vulnerable dovecot packages and partial/ne...

7.5CVSS5.7AI score0.00454EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.12 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.15 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 1:28 p.m.2 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.9AI score0.00454EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40030

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using op...

7.5CVSS5.8AI score0.00454EPSS
Exploits0References42
OSV
OSV
added 2026/05/09 12:31 p.m.11 views

OESA-2026-2219 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References9
OSV
OSV
added 2026/05/09 12:30 p.m.13 views

OESA-2026-2217 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39154

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE UPLOAD MAX MEMORY SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/06 10:52 p.m.8 views

CVE-2026-43240

A flaw was found in the Linux kernel's x86/kexec component. When a second-stage kernel is booted with a memory-limiting command, the Integrity Measurement Architecture IMA kexec buffer may be located outside the accessible memory range. This can lead to a kernel panic, effectively causing a Denia...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 6:2 p.m.10 views

CVE-2026-43129

A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When a second-stage kernel is booted via kexec with a memory-limiting command line, the IMA measurement buffer from the previous kernel may fall outside the new kernel's addressable memory. This out-of-bounds...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.29 views

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

0.00122EPSS
Exploits0References5
CVE
CVE
added 2026/05/06 11:27 a.m.21 views

CVE-2026-43129

The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...

5.5CVSS6AI score0.00122EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/06 11:27 a.m.2 views

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/05 6:33 p.m.18 views

EUVD-2026-27381

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4
Rows per page
Query Builder