Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/06/15 8:19 p.m.3 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/03 12:0 a.m.6 views

PT-2026-46098

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

8.1CVSS5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.9 views

Fedora 44 : dovecot (2026-96eeb03b88)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-96eeb03b88 advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

9.1CVSS5.8AI score0.0039EPSS
Exploits1References7
Github Security Blog
Github Security Blogadded 2026/04/29 6:30 p.m.16 views

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

Summary OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle MitM to cause excessive memory allocation and possible process...

5.9CVSS5.5AI score0.00323EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/01/28 7:30 p.m.5 views

EUVD-2025-206445

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS5.9AI score0.00789EPSS
Exploits0References4
Redos
Redosadded 2025/04/02 12:0 a.m.11 views

ROS-20250402-02

A vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the possibility of memory usage after release. Thunderbird is related to the possibility of memory usage after release. Exploitation of the vulnerability could allow a...

9.8CVSS8.7AI score0.01163EPSS
Exploits1
OSV
OSVadded 2020/06/15 5:15 p.m.4 views

DEBIAN-CVE-2020-14152

In IJG JPEG aka libjpeg before 9d, jpegmemavailable in jmemnobs.c in djpeg does not honor the maxmemorytouse setting, possibly causing excessive memory consumption...

7.1CVSS7AI score0.01488EPSS
Exploits0References1
Rows per page
Query Builder