Lucene search
K

1908 matches found

FreeBSD
FreeBSD
added 2026/04/29 12:0 a.m.10 views

Prosody XMPP server advisory 2026-04-29

The Prosody team reports: Traffic patterns were discovered which can cause Prosody to consume excessive amounts of memory with much smaller amounts of incoming traffic. This traffic can be sent by unauthenticated connections. It was discovered that modproxy65’s access control was broken and...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 10:43 p.m.5 views

GHSA-63CW-R7XF-JMWR CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/28 10:43 p.m.10 views

CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification

Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...

8.7CVSS5.5AI score0.00672EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/28 11:53 a.m.10 views

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

7.5CVSS5.4AI score0.0079EPSS
Exploits5References15
Fedora
Fedora
added 2026/04/25 1:52 a.m.10 views

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

8.8CVSS8.6AI score0.21621EPSS
Exploits0
NVD
NVD
added 2026/04/24 3:16 a.m.6 views

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS0.00369EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 6:22 p.m.8 views

CVE-2026-41173

OpenTelemetry.Sampler.AWS is affected by an unbounded HTTP response body read in the AWS X-Ray remote sampler prior to 0.1.0-alpha.8. The AWSXRaySamplerClient.DoRequestAsync call reads the entire HTTP response into memory (ReadAsStringAsync) without size limits, enabling an attacker controlling o...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:3 p.m.4 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References7Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20598-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20598-1 advisory. Changes in python-PyPDF2: - CVE-2026-40260: crafted PDF can lead to large memory usage bsc1262284 Tenable has extracted the preceding description block...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 2:16 p.m.5 views

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 9:37 a.m.32 views

CVE-2026-33257 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS0.00514EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:37 a.m.5 views

CVE-2026-33257

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References4Affected Software3
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/22 12:0 a.m.11 views

Security update for python-PyPDF2 (moderate)

openSUSE security update: security update for python-pypdf2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20598-1 Rating: moderate References: bsc1262284 Cross-References: CVE-2026-40260 Affected Products: openSUSE Leap 16.0...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 9:43 a.m.5 views

OPENSUSE-SU-2026:20598-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-40260: crafted PDF can lead to large memory usage bsc1262284...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 1:17 a.m.7 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS0.00423EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 1:15 p.m.6 views

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.0079EPSS
Exploits6References21
Veracode
Veracode
added 2026/04/16 8:45 a.m.6 views

Memory Limit Bypass

LiquidJS is vulnerable to Memory Limit Bypass. The vulnerability is due to the replace filter incorrectly accounting for memory usage when the memoryLimit option is enabled, where an attacker who controls template content can bypass the memoryLimit DoS protection with approximately 2,500x...

5.3CVSS5.8AI score0.00495EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 10:31 p.m.3 views

CVE-2026-35034 Jellyfin: Potential Application DoS from excessively large SyncPlay group names

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...

6.5CVSS5.9AI score0.0026EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/13 12:51 p.m.2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.2 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

5.9CVSS7AI score0.00566EPSS
Exploits0References7
Rows per page
Query Builder