699328 matches found
CVE-2026-54000
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-33382
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...
CVE-2026-53653
Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...
CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-55687 ESF-IDF: Stack-Based Out-of-Bounds Write in JPEG Decoder DQT Marker Parsing
ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...
EUVD-2026-42939
ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...
CVE-2026-55687
CVE-2026-55687 describes a stack-based out-of-bounds write in the Espressif ESF-IDF JPEG decoder marker parsing (jpeg_parse_dqt_marker). The attack uses the attacker-controlled DQT marker Tq nibble as an index into the qt_tbl array without validating it is within 0..3, enabling malformed JPEG inp...
CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...
EUVD-2026-42938
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...
CVE-2026-54063
Excelize CVE-2026-54063: The library vulnerable due to checkSheet() using attacker-controlled row attribute to allocate memory for xlsxRow slices without enforcing the Excel row limit. This can cause (A) out-of-memory leading to process kill and (B) runtime panic from out-of-bounds indexing when ...
CVE-2026-61455
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...
CVE-2026-56366
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...
CVE-2026-56329
Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...
CVE-2026-8609
Grafana CVE-2026-8609 describes an unauthenticated denial-of-service via repeated requests to the OAuth login route. The issue allows an attacker to trigger unbounded memory growth, potentially exhausting memory and crashing the Grafana instance. The entry provides CVSS v3.1 data (AV:N/AC:L/PR:N/...
CVE-2026-8609 Pre-authentication denial of service via the OAuth login route
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...
EUVD-2026-42921
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...
CVE-2026-8609 Pre-authentication denial of service via the OAuth login route
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...
CVE-2026-8609
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...
EUVD-2026-42920
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...
CVE-2026-33382
CVE-2026-33382 affects Grafana API endpoints that may process unbounded request bodies, including unauthenticated ones. The underlying issue is lack of input size limits, allowing very large payloads to trigger excessive memory allocation and potential denial of service. The CVSS v3.1 base score ...