CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

292 matches found

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44194

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00303EPSS

Exploits0References3

ATTACKERKB•added 2026/05/04 4:40 p.m.•1 views

CVE-2026-42440

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

5.9AI score0.00189EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/04 4:40 p.m.•3 views

CVE-2026-42440 Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader

5.8AI score0.00189EPSS

Exploits0References1

CNNVD•added 2026/05/04 12:0 a.m.•5 views

Apache OpenNLP 安全漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...

7.5CVSS5.8AI score0.00189EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в tomcat9

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. The following versions were EOL at the time the CVE was created but are known to be...

8.6CVSS8.4AI score0.00413EPSS

Exploits0References2

Veracode•added 2026/02/16 9:24 a.m.•3 views

Denial Of Service (DoS)

Undertow is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of large HTTP parameter names in HttpServletRequestImpl.getParameterNames, where excessively large parameter names supplied by a client can cause unbounded memory allocation during request parsing,...

7.5CVSS5.6AI score0.00381EPSS

Exploits0References4Affected Software1

UbuntuCve•added 2026/01/30 3:16 p.m.•2 views

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...

7.5CVSS5.9AI score0.00381EPSS

Exploits0References3

Tenable Nessus•added 2025/11/20 12:0 a.m.•2 views

TencentOS Server 4: tomcat (TSSA-2024:0569)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0569 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.6CVSS7.8AI score0.00413EPSS

Exploits0References2