1885 matches found

OSV
added 2026/03/18 11:29 a.m. | 4 views

OPENSUSE-SU-2026:20386-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

7.5 CVSS | 6.8 AI score | 0.00046 EPSS
Exploits 4 | References 18
Veracode
added 2026/03/18 7:47 a.m. | 4 views

Denial Of Service (DoS)

github.com/elastic/beats is vulnerable to Denial of Service DoS. The vulnerability is due to improper resource management when processing integrated IPv4 fragments, which allows an unauthenticated remote attacker to send malicious fragments that trigger excessive memory and CPU allocation...

5.3 CVSS | 5.9 AI score | 0.00129 EPSS
Exploits 0 | References 3 | Affected Software 2
CNNVD
added 2026/03/18 12:0 a.m. | 4 views

Next.js Security Vulnerability

Next.js is an open-source React framework from Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from requests containing the next-resume: 1 header, which would buffer the request body under certain settings, without consistently enforcing...

7.5 CVSS | 5.9 AI score | 0.0002 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/03/17 12:0 a.m. | 4 views

EulerOS Virtualization 2.12.0 : brotli (EulerOS-SA-2026-1476)

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression...

7.5 CVSS | 7.1 AI score | 0.00034 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/03/16 12:0 a.m. | 2 views

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2026-1591)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

8.9 CVSS | 6.5 AI score | 0.00025 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/03/16 12:0 a.m. | 4 views

EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2026-1409)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

8.9 CVSS | 6.5 AI score | 0.00025 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/03/15 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-urllib3 (UTSA-2026-006157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006157 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...

8.9 CVSS | 6.7 AI score | 0.00025 EPSS
Exploits 0 | References 4
OSV
added 2026/03/13 8:37 p.m. | 2 views

GHSA-PHC3-FGPG-7M6H Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

5.9 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2026/03/12 8:13 p.m. | 2 views

CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/03/12 8:13 p.m. | 5 views

CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in Undici's DeduplicationHandler via Response Buffering leads to DoS

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 3
OSV
added 2026/03/12 6:41 p.m. | 6 views

CLSA-2026-1773309522 osbuild-composer: Fix of 4 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61728: reduce CPU usage in index construction - CVE-2025-61726: limit...

10 CVSS | 7.1 AI score | 0.00025 EPSS
Exploits 4 | References 1
OSV
added 2026/03/12 1:58 p.m. | 6 views

CLSA-2026-1773323876 go-rpm-macros: Fix of CVE-2025-61726

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...

7.5 CVSS | 7.1 AI score | 0.00025 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/03/11 4:49 p.m. | 0 views

SUSE CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

5.5 CVSS | 5.7 AI score | 0.00005 EPSS
Exploits 0 | References 3
RedHat Linux
added 2026/03/11 5:24 a.m. | 2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits 1 | References 8
EUVD
added 2026/03/11 12:14 a.m. | 1 views

EUVD-2026-10924

pypdf: manipulated stream length values can exhaust RAM...

6.8 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits 0 | References 4
NVD
added 2026/03/10 10:16 p.m. | 2 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8 CVSS | 0.00005 EPSS
Exploits 0 | References 3
OSV
added 2026/03/10 10:16 p.m. | 1 views

DEBIAN-CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8 CVSS | 5.4 AI score | 0.00005 EPSS
Exploits 0 | References 1
OSV
added 2026/03/10 10:16 p.m. | 0 views

UBUNTU-CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/03/10 9:36 p.m. | 2 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits 0 | References 4 | Affected Software 1
Debian CVE
added 2026/03/10 9:36 p.m. | 3 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8 CVSS | 5.4 AI score | 0.00005 EPSS
Exploits 0