Lucene search
K

677 matches found

Cvelist
Cvelist
added 2026/05/27 12:17 p.m.41 views

CVE-2026-45919 sched/rt: Skip currently executing CPU in rto_next_cpu()

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

0.0013EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Amazon Linux 2023 : git-lfs (ALAS2023-2026-1722)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1722 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rtonextcpu function in the RT scheduler not skipping the currently executing CPU. This allows...

5.8AI score0.0013EPSS
Exploits0References8
Amazon
Amazon
added 2026/05/26 12:0 a.m.16 views

Important: oci-add-hooks

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.23 views

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.4AI score0.00813EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/24 10:27 a.m.101 views

FortressWAF

FortressWAF — Web Application Firewall !Licensehttps://im...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/22 2:8 a.m.11 views

GO-2026-5016 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 3:34 p.m.16 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-61726 DESCRIPTION: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally...

10CVSS7.7AI score0.01945EPSS
Exploits4Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in unbound, bind9

The “Closest Encloser Proof” aspect of the DNS protocol as described in RFC 5155, when the guidance provided in RFC 9276 is skipped enables remote attackers to cause a denial of service resulting in high CPU usage for SHA-1 calculations through DNSSEC responses during a random subdomain attack,...

7.5CVSS7AI score0.81729EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 8:16 p.m.6 views

UBUNTU-CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS5.7AI score0.0032EPSS
Exploits1References5
NVD
NVD
added 2026/05/19 12:16 p.m.20 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS0.00743EPSS
Exploits0References7
Oracle linux
Oracle linux
added 2026/05/19 12:0 a.m.24 views

ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes...

8.1CVSS6.4AI score0.02364EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/17 11:0 p.m.24 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References4Affected Software1
CloudLinux
CloudLinux
added 2026/05/16 3:42 p.m.12 views

subversion: Fix of CVE-2018-11782

CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...

6.5CVSS6.7AI score0.02422EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 8:16 p.m.34 views

CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 7:28 p.m.12 views

CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:28 p.m.60 views

CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.25 views

EUVD-2026-29890

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

7.1CVSS5.8AI score0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:19 a.m.52 views

CVE-2026-8202

CVE-2026-8202 affects MongoDB Server prior to certain fixed versions: v7.0 before 7.0.34, v8.0 before 8.0.23, v8.2 before 8.2.9, and v8.3 before 8.3.2. The issue is a post-authentication CPU DoS caused by using a densely populated characters mask with large input strings in the MongoDB aggregatio...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder