Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11902 matches found

OSV
OSVadded 2026/05/14 8:17 p.m.5 views

DEBIAN-CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

2.5CVSS5.8AI score0.00018EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/14 7:59 p.m.29 views

CVE-2026-44638 libsixel: NULL pointer dereference

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

2.5CVSS0.00018EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2026/05/14 4:36 p.m.11 views

OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

5.3CVSS5.9AI score0.00059EPSS
Exploits0References6Affected Software2
Tenable Nessus
Tenable Nessusadded 2026/05/14 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When...

8.3CVSS5.9AI score0.0007EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.7 views

PT-2026-41034

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel decode raw and sixel decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter...

2.5CVSS5.8AI score0.00018EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/13 9:32 p.m.10 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00019EPSS
Exploits0References2
NVD
NVDadded 2026/05/13 8:16 p.m.6 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS0.00019EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/13 7:28 p.m.4 views

CVE-2026-28383 Grafana plugin resources can lead to unbounded memory allocation

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00014EPSS
Exploits0References1
CVE
CVEadded 2026/05/13 7:28 p.m.16 views

CVE-2026-28376

CVE-2026-28376 affects the Grafana Live push endpoint. An authenticated user with access to the Grafana Live API can trigger unbounded memory allocation by sending a large or streaming request body, potentially causing out-of-memory conditions. The available documents describe the vulnerable comp...

6.5CVSS5.8AI score0.00019EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/13 7:28 p.m.5 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00019EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/13 7:28 p.m.8 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00019EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/13 7:28 p.m.28 views

CVE-2026-28376 Grafana Live push endpoint allows unbounded memory allocation leading to OOM

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS0.00019EPSS
Exploits0References1
NVD
NVDadded 2026/05/13 7:17 p.m.5 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS0.00017EPSS
Exploits1References1
OSV
OSVadded 2026/05/13 7:17 p.m.2 views

UBUNTU-CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References3
OSV
OSVadded 2026/05/13 7:17 p.m.3 views

UBUNTU-CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2026/05/13 6:6 p.m.8 views

CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00017EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/13 6:6 p.m.28 views

CVE-2026-42582 Netty: HTTP/3 QPACK literal unbounded allocation

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS0.00017EPSS
Exploits1References1
NVD
NVDadded 2026/05/13 4:16 p.m.5 views

CVE-2026-42946

A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control responses from an upstream...

8.3CVSS0.0007EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/13 4:16 p.m.6 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/13 3:17 p.m.5 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.00019EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder