Lucene search
K

13 matches found

NVD
NVD
added 2026/06/30 9:16 a.m.11 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.6 views

Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...

7.1CVSS5.8AI score0.00451EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50737

Name of the Vulnerable Software and Affected Versions @tinacms/mdx versions prior to 2.1.7 tinacms versions prior to 3.9.3 Description Rich-text parsing and the default link/image renderers fail to sanitize the url field on Slate link/image nodes. This allows content containing javascript: or...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/04 1:56 p.m.15 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/03 10:4 a.m.12 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/19 7:25 p.m.18 views

CVE-2026-45186

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/29 10:10 p.m.2 views

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

6.5AI score0.00626EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-33587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7AI score0.02267EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:51 p.m.10 views

BIT-LIBPYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.5CVSS6.5AI score0.03502EPSS
Exploits0References30
Debian CVE
Debian CVE
added 2023/03/10 12:0 a.m.36 views

CVE-2023-27530

A DoS vulnerability exists in Rack v3.0.4.2, v2.2.6.3, v2.1.4.3 and v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected...

7.5CVSS6.4AI score0.0183EPSS
Exploits0
FreeBSD
FreeBSD
added 2023/03/03 12:0 a.m.31 views

rack -- possible DoS vulnerability in multipart MIME parsing

Aaron Patterson reports: The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected...

7.5CVSS7.7AI score0.0183EPSS
Exploits0References1
OSV
OSV
added 2018/07/16 5:29 p.m.3 views

ALPINE-CVE-2018-0361

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file...

3.3CVSS8.5AI score0.01621EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2018/07/16 5:0 p.m.8 views

CVE-2018-0361

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file...

6.6AI score0.01621EPSS
Exploits0References4
Rows per page
Query Builder