CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1889 matches found

OSV•added 2025/12/17 4:16 p.m.•0 views

UBUNTU-CVE-2024-29370

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3CVSS7.1AI score0.00166EPSS

Exploits1References3

Debian CVE•added 2025/12/17 12:0 a.m.•4 views

CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5CVSS7.6AI score0.00244EPSS

Exploits1

RedhatCVE•added 2025/12/15 4:38 p.m.•3 views

CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS6.8AI score0.00533EPSS

Exploits0References5

Veracode•added 2025/12/13 7:51 a.m.•5 views

Denial-of-service (DoS)

pypdf is vulnerable to Denial-of-service DoS. The vulnerability is due to improper handling of the LZWDecode filter while parsing a PDF page content stream, which allows an attacker to craft a malicious PDF that triggers excessive memory usage...

8.7CVSS5.9AI score0.00402EPSS

Exploits0References5Affected Software1

Veracode•added 2025/12/13 7:24 a.m.•11 views

Denial Of Service (DoS)

urllib3 is vulnerable to Denial-Of-Service DoS. The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...

8.9CVSS7.3AI score0.00533EPSS

Exploits0References2Affected Software2

SUSE CVE•added 2025/12/12 12:24 a.m.•0 views

SUSE CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

5.3CVSS6.8AI score0.00533EPSS

Exploits0References22

RedHat Linux•added 2025/12/09 8:32 a.m.•0 views

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

7.8CVSS7.2AI score0.07107EPSS

Exploits1References5

FreeBSD•added 2025/12/08 12:0 a.m.•6 views

powerdns-recursor -- Denial of Service

PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor 2026-01: Crafted zones can lead to increased resource usage in Recursor...

7.5CVSS5.5AI score0.00486EPSS

Exploits0References3

Tenable Nessus•added 2025/12/08 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed...

8.9CVSS6.9AI score0.00533EPSS

Exploits0References3

Tenable Nessus•added 2025/12/08 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was...

8.9CVSS6.8AI score0.00533EPSS

Exploits0References2

Github Security Blog•added 2025/12/05 6:15 p.m.•11 views

urllib3 streaming API improperly handles highly compressed data

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.00533EPSS

Exploits0References4Affected Software1

OSV•added 2025/12/05 6:15 p.m.•3 views

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

8.9CVSS6.7AI score0.00533EPSS

Exploits0References4

OSV•added 2025/12/05 5:16 p.m.•3 views

AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3

8.9CVSS6.8AI score0.00533EPSS

Exploits0References1

OSV•added 2025/12/05 5:16 p.m.•9 views

AZL-71837 CVE-2025-66471 affecting package python-urllib3 for versions less than 2.0.7-3

8.9CVSS6.9AI score0.00533EPSS

Exploits0References1