CVE-2026-32049

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

SUSE CVE-2026-33219

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

OpenClaw Denial of Service Vulnerability (CNVD-2026-16053)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that can be exploited by attackers to cause increased memory usage and process instability...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions prior to 2.11.15 and 2.12.6 of Nats-Server. These vulnerabilities allowed malicious clients to exploit unlimited memor...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from specially crafted TIFF files that may cause excessive memory allocation during image...

Allocation of Resources Without Limits or Throttling

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

Allocation of Resources Without Limits or Throttling

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the File Manager’s bulk download functionality due to improper memory management when creating zip archives. An attacker can cau...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...

DEBIAN-CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVE-2026-33320

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

GHSA-2J26-FRM8-CMJ9 Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

SUSE CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to inefficient decoding of array-based streams, where accessing an array-based stream with many entries leads to long runtimes and large memory usage, and attackers can exploit it by crafting a malicious PDF with a large array-bas...