Lucene search
K

413 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.12 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40030

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using op...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References30
OSV
OSV
added 2026/05/09 12:31 p.m.10 views

OESA-2026-2219 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References9
OSV
OSV
added 2026/05/09 12:30 p.m.11 views

OESA-2026-2217 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-39154

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE UPLOAD MAX MEMORY SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/06 10:52 p.m.8 views

CVE-2026-43240

A flaw was found in the Linux kernel's x86/kexec component. When a second-stage kernel is booted with a memory-limiting command, the Integrity Measurement Architecture IMA kexec buffer may be located outside the accessible memory range. This can lead to a kernel panic, effectively causing a Denia...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 6:2 p.m.10 views

CVE-2026-43129

A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When a second-stage kernel is booted via kexec with a memory-limiting command line, the IMA measurement buffer from the previous kernel may fall outside the new kernel's addressable memory. This out-of-bounds...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 11:27 a.m.17 views

CVE-2026-43129

The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...

5.5CVSS6AI score0.00122EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.27 views

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 6:33 p.m.14 views

EUVD-2026-27381

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.12 views

Django has an Improper Handling of Length Parameter Inconsistency

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.23 views

PYSEC-2026-54

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to b...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/05 4:16 p.m.9 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS0.00423EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/05 2:49 p.m.12 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0
CVE
CVE
added 2026/05/05 2:49 p.m.26 views

CVE-2026-5766

CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 2:49 p.m.10 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31602

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...

7.8CVSS5.3AI score0.00131EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:31 a.m.33 views

CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS0.00369EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 2:31 a.m.4 views

CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS5.4AI score0.00369EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/21 12:0 a.m.8 views

Security update for python-Django (important)

openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20578-1 Rating: important References: bsc1261722 bsc1261724 bsc1261729 bsc1261731 bsc1261732 Cross-References: CVE-2026-33033 CVE-2026-33034...

6.9CVSS5.7AI score0.00769EPSS
Exploits1References5
Rows per page
Query Builder