15 matches found

OSV
added 2026/03/24 10:16 p.m. · 2 views

GHSA-XW6W-9JJH-P9CR Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation

Summary Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls LimitToString, LoopLimit do not protect these paths, giving...

6.5 CVSS · 6 AI score
Exploits 0 · References 2

RedhatCVE
added 2026/03/23 7:4 a.m. · 3 views

CVE-2026-4602

A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the modPow function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature...

8.7 CVSS · 5.7 AI score · 0.00078 EPSS
Exploits 1 · References 7

Vulnrichment
added 2026/03/23 5:0 a.m. · 0 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 1 · References 4

Snyk
added 2026/02/21 2:3 a.m. · 2 views

Division by zero

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key...

5.9 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 1 · References 2

Snyk
added 2026/02/21 2:3 a.m. · 4 views

Division by zero

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RS...

5.9 CVSS · 5.9 AI score · 0.00012 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/23 8:44 a.m. · 1 views

CVE-2024-23086

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPowdouble. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been...

9.8 CVSS · 6.7 AI score · 0.00146 EPSS
Exploits 0 · References 1

OSV
added 2024/04/08 8:15 p.m. · 1 views

CVE-2024-23086

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPowdouble. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been...

9.8 CVSS · 8.1 AI score
Exploits 0 · References 3

UbuntuCve
added 2024/04/08 8:15 p.m. · 14 views

CVE-2024-23086

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPowdouble. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been...

9.8 CVSS · 5.9 AI score · 0.00146 EPSS
Exploits 0 · References 4

OSV
added 2024/04/08 8:15 p.m. · 0 views

UBUNTU-CVE-2024-23086

DISPUTED Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPowdouble. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may...

9.8 CVSS · 5.8 AI score · 0.00146 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/04/08 12:0 a.m. · 2 views

PT-2024-19665 · Apfloat · Apfloat

Name of the Vulnerable Software and Affected Versions: Apfloat version 1.10.1 Description: A stack overflow issue was discovered in the component org.apfloat.internal.DoubleModMath::modPowdouble. However, the existence of this issue is disputed by multiple third parties due to potentially...

9.8 CVSS · 9.5 AI score · 0.00146 EPSS
Exploits 0 · References 15

Debian CVE
added 2024/04/08 12:0 a.m. · 13 views

CVE-2024-23086

Removed by vendor...

9.8 CVSS · 9.1 AI score · 0.00146 EPSS
Exploits 0

Vulnrichment
added 2024/04/08 12:0 a.m. · 13 views

CVE-2024-23086

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPowdouble. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been...

7.9 AI score · 0.00146 EPSS
Exploits 0 · References 3

CVE
added 2024/04/08 12:0 a.m. · 59 views

CVE-2024-23086

CVE-2024-23086 concerns Apfloat v1.10.1 with a stack overflow in org.apfloat.internal.DoubleModMath::modPow(double, double). The issue is disputed by third parties regarding its existence; no concrete exploit details or remediation are provided in the supplied documents. Connected sources identif...

9.8 CVSS · 7.8 AI score · 0.00146 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2005/02/13 5:0 a.m. · 44 views

CVE-2004-1440

Summary: CVE-2004-1440 affects PuTTY before 0.55. The modpow function suffers heap-based buffer overflows that allow remote attackers to execute arbitrary code via a crafted SSH2 packet (base argument larger than mod argument). A second impact is a possible denial of service (client crash) and ar...

7.5 CVSS · 7.9 AI score · 0.03466 EPSS
Exploits 0 · References 7 · Affected Software 1

Tenable Nessus
added 2004/08/20 12:0 a.m. · 14 views

PuTTY < 0.55 modpow Function Arbitrary Code Execution

Binary data 1998.prm...

7.5 CVSS · 7.3 AI score · 0.03466 EPSS
Exploits 0 · References 1