Lucene search
K

679 matches found

Cvelist
Cvelist
added last week32 views

CVE-2026-49866 libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...

7.5CVSS0.00446EPSS
Exploits0References4
Cvelist
Cvelist
added last week37 views

CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS0.00358EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.7 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS6.9AI score0.00244EPSS
Exploits1References5
OSV
OSV
added 2026/06/30 11:31 a.m.2 views

OPENSUSE-SU-2026:21182-1 Security update for python-python-engineio

This update for python-python-engineio fixes the following issues: Changes in python-python-engineio: - CVE-2026-48802: remote user can cause the creation of unnecessary background threads in the server through the heartbeat mechanism and cause a DoS bsc1269544 - CVE-2026-48809: size of incoming...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/26 8:19 p.m.7 views

GHSA-JQC5-2P7Q-FQFC Hysteria: http large header with sniff cause server DoS

Summary Sending an excessively large header by an attacker could lead to a server-side DoS attack. Details The current sniff implementation does not explicitly specify the upper limit for HTTP headers. Attackers can continuously send excessively large headers without including \r\n\r\n, leading t...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...

5.8AI score0.0009EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:12 a.m.6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP...

7.5CVSS5.9AI score0.00625EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50829

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...

8.7CVSS5.9AI score0.00367EPSS
Exploits0References7
NVD
NVD
added 2026/06/18 5:16 p.m.13 views

CVE-2025-32422

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

8.7CVSS0.00276EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.10 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.14 views

RockyLinux 9 : podman (RLSA-2026:26447)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26447 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

7.5CVSS5.5AI score0.00621EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48807

Name of the Vulnerable Software and Affected Versions Arc versions prior to 26.06.1 Description Arc registers Go net/http/pprof handlers at the /debug/pprof/ endpoint. Due to a configuration where /debug/pprof is added to PublicPrefixes and the authentication middleware short-circuits before toke...

8.8CVSS6AI score0.0009EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 3:16 p.m.14 views

CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS0.00333EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/08 1:19 p.m.12 views

AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-20167

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...

7.7CVSS5.5AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of a bot mitigation mechanism in the /v1/account/register registration path, which may allow malicious automated syste...

9.1CVSS5.3AI score0.00243EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/02 10:30 a.m.18 views

How Leading Organizations Are Turning EDR Into Operational Resilience

Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response EDR has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require...

5.9AI score
Exploits0
CloudLinux
CloudLinux
added 2026/05/30 10:23 a.m.21 views

bind: Fix of CVE-2026-1519

CVE-2026-1519: Limit NSEC3 iterations when validating referrals to unsigned delegations to avoid excessive CPU consumption...

7.5CVSS5.4AI score0.01545EPSS
Exploits0
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-45919

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References11
Rows per page
Query Builder