1884 matches found

Positive Technologies
added 2026/03/10 12:00 a.m. | 1 views

PT-2026-24480

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.8.0. Description: pypdf is a free and open-source pure-python PDF library. A crafted PDF file can cause excessive memory usage when parsed, specifically when processing a content stream with a large /Length value,...

CVSS 6.8 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 22

Tenable Nessus
added 2026/03/10 12:00 a.m. | 3 views

EulerOS 2.0 SP13 : python3 (EulerOS-SA-2026-1292)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: If the value passed to os.path.expandvars is user-controlled, a performance degradation is possible when expanding environment...

CVSS 7.5 | AI score 7 | EPSS 0.00215
Exploits: 1 | References: 7

Veracode
added 2026/03/07 5:16 a.m. | 4 views

Denial Of Service

pypdf is vulnerable to Denial Of Service. The vulnerability is due to unbounded processing of RunLengthDecode streams, where the content stream is parsed without proper memory usage checks and an attacker can craft a PDF that leads to large memory consumption...

CVSS 6.9 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 4 | Affected Software: 1

SUSE Linux
added 2026/03/06 11:36 a.m. | 2 views

Security update for grpc

This update for grpc fixes the following issue: CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS (bsc#1214148). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 7.5 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/05 9:42 p.m. | 9 views

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

Summary: The /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When MCPALLOWANONYMOUSACCESS=true is set (required for the HTTP server to function without OAuth/API key),...

CVSS 5.3 | AI score 6 | EPSS 0.00025
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/03/05 2:28 p.m. | 2 views

SUSE-SU-2026:20685-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.19.1: CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents (bsc#1251442). CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory consumption by...

CVSS 5.3 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 5

OSV
added 2026/03/05 2:27 p.m. | 2 views

OPENSUSE-SU-2026:20327-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.19.1: CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with quadratic complexity when parsing HTML documents (bsc#1251442). CVE-2025-58190: golang.org/x/net/html: Fixed excessive memory consumption by...

CVSS 5.3 | AI score 7.2 | EPSS 0.00033
Exploits: 1 | References: 4

RedHat Linux
added 2026/03/05 12:20 p.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 8

RedHat Linux
added 2026/03/05 9:44 a.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 8

SUSE CVE
added 2026/03/05 7:26 a.m. | 0 views

SUSE CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CVSS 8.7 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/05 12:00 a.m. | 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005593 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...

CVSS 8.9 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 4

RedHat Linux
added 2026/03/04 3:29 p.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 8

OSV
added 2026/03/04 6:24 a.m. | 4 views

SUSE-SU-2026:20694-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: an invalid number of mechanisms may cause unbounded memory consumption bcs1253904...

CVSS 5.3 | AI score 6.1 | EPSS 0.00046
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:00 a.m. | 6 views

Alibaba Cloud Linux 3 : 0042: go-toolset:an8 (ALINUX3-SA-2026:0042)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0042 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61726: The net/url package does n...

CVSS 10 | AI score 6.2 | EPSS 0.00045
Exploits: 2 | References: 5

OSV
added 2026/03/03 10:17 p.m. | 3 views

CLSA-2026-1772576264 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

CVSS 10 | AI score 5.9 | EPSS 0.00045
Exploits: 3 | References: 1

Snyk
added 2026/03/02 10:32 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in handling inbound media downloads across multiple channels, where configured byte limits are not consistently enforced before...

CVSS 8.7 | AI score 6 | EPSS 0.00179
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/02 12:42 p.m. | 6 views

CVE-2026-28351

A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to excessive memory consumption. This occurs specifically when processing the content stream using the RunLengthDecode...

CVSS 6.9 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 7

RedHat Linux
added 2026/03/02 2:56 a.m. | 2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 8

RedHat Linux
added 2026/03/02 1:23 a.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00043
Exploits: 1 | References: 8

Tenable Nessus
added 2026/03/02 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large...

CVSS 6.9 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 3