Lucene search
K

1920 matches found

NVD
NVD
added yesterday8 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59938

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS6AI score
Exploits0References5Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-59938

CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...

6.9CVSS6AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added yesterday32 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-56560

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...

7.5CVSS5.9AI score
Exploits0References7
NVD
NVD
added 3 days ago8 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS0.00364EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 4:26 p.m.30 views

CVE-2026-56150 Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS0.00312EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.5 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS6.1AI score0.0068EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 10:16 p.m.6 views

DEBIAN-CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.5CVSS5.7AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:16 p.m.2 views

UBUNTU-CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS5.7AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 9:59 p.m.17 views

CVE-2026-57204

CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...

6.9CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 11:31 a.m.2 views

OPENSUSE-SU-2026:21182-1 Security update for python-python-engineio

This update for python-python-engineio fixes the following issues: Changes in python-python-engineio: - CVE-2026-48802: remote user can cause the creation of unnecessary background threads in the server through the heartbeat mechanism and cause a DoS bsc1269544 - CVE-2026-48809: size of incoming...

5.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.8 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References5
Veeam
Veeam
added 2026/06/29 12:0 a.m.11 views

Release Information for Veeam Backup for Microsoft 365 8.5

Requirements This release can be used to: upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5. install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...

5.7AI score
Exploits0Affected Software1
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-1.30.3-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03225EPSS
Exploits4
OSV
OSV
added 2026/06/25 8:17 p.m.2 views

DEBIAN-CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 7:47 p.m.18 views

CVE-2026-46602

The CVE-2026-46602 issue affects the TIFF decoder in golang.org/x/image: it does not enforce a limit on tile sizes in tiled TIFF images, which can lead to unbounded memory consumption when processing a malicious or corrupted image with a very large tile. This is stated across multiple sources in ...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/23 10:47 a.m.5 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.9AI score0.0068EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Rows per page
Query Builder