Lucene search
K

271 matches found

OSV
OSV
added 2026/01/16 7:16 p.m.5 views

UBUNTU-CVE-2026-23490

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...

7.5CVSS7.2AI score0.00679EPSS
Exploits0References6
CVE
CVE
added 2026/01/16 7:3 p.m.105 views

CVE-2026-23490

CVE-2026-23490 affects the Python ASN.1 library pyasn1. Prior to 0.6.2, a Denial-of-Service condition can cause memory exhaustion via malformed RELATIVE-OID with excessive continuation octets. The issue is fixed in 0.6.2. Affected versions are those before the upgrade; CVSS v3.1 base score is 7.5...

7.5CVSS6.4AI score0.00679EPSS
Exploits0References56Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 11:52 p.m.5 views

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8CVSS7.5AI score0.00342EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/12/24 1:16 p.m.7 views

CVE-2023-54110

In the Linux kernel, the following vulnerability has been resolved: usb: rndishost: Secure rndisquery check against int overflow Variables off and len typed as uint32 in rndisquery function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a...

5.9AI score0.00184EPSS
Exploits0References9
OSV
OSV
added 2025/12/05 6:19 p.m.2 views

GHSA-4QG8-FJ49-PXJH Sigstore Timestamp Authority allocates excessive memory during request parsing

Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/05 6:19 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/05 6:19 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References2
NVD
NVD
added 2025/12/04 11:15 p.m.8 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS0.00411EPSS
Exploits0References2
OSV
OSV
added 2025/12/04 11:15 p.m.4 views

UBUNTU-CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 10:37 p.m.4 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/11/29 9:3 a.m.8 views

node-forge ASN.1 OID Integer Truncation

...

6.3CVSS7AI score0.00276EPSS
Exploits0
CVE
CVE
added 2025/11/26 10:23 p.m.36 views

CVE-2025-66030

CVE-2025-66030 (node-forge) is a vulnerability in the Forge/ node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...

6.3CVSS6.5AI score0.00276EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/26 10:23 p.m.5 views

CVE-2025-66030 node-forge ASN.1 OID Integer Truncation

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

6.3CVSS6.8AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/26 10:23 p.m.5 views

EUVD-2025-199768

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

6.3CVSS6.4AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

node-forge 输入验证错误漏洞

node-forge is a software application. A WebJar for node-forge. An input validation error vulnerability exists in node-forge 1.3.1 and prior versions, which stems from an integer overflow that could allow a remote, unauthenticated attacker to bypass OID-based security decisions...

6.3CVSS4.6AI score0.00276EPSS
Exploits0References3
NVD
NVD
added 2025/11/25 8:16 p.m.4 views

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

4.3CVSS0.00214EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.9 views

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

0.00214EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2001-1302

Malware in sbrugna...

7.5CVSS6.4AI score0.05796EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2019-9171

Malware in sbrugna...

7.5CVSS7.6AI score0.04128EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-16767

Malware in sbrugna...

9.8CVSS9.2AI score0.03261EPSS
Exploits1References17
Rows per page
Query Builder