Lucene search
K

135 matches found

Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59928

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...

7.5CVSS6AI score0.00366EPSS
Exploits1References6
CVE
CVE
added 6 days ago9 views

CVE-2026-56669

Elysia (a TypeScript framework for request validation, type inference, OpenAPI docs, and client-server communication) contains a vulnerability (CVE-2026-56669) caused by using getAll in form data normalization for multipart/form-data endpoints prior to 1.4.29. This leads to quadratic growth in wo...

7.5CVSS6AI score0.00358EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago4 views

PT-2026-56508

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description A flaw in the Python Markdown parser occurs when the strikethrough, mark, or insert plugins scan for matching markers from each possible start position. Specifically, a sequence of closed tilde,...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/29 10:3 a.m.8 views

ImageMagick: ImageMagick: Denial of Service via crafted MIFF file

A flaw was found in ImageMagick. A remote attacker could provide a specially crafted MIFF Magick Image File Format file, which, due to a missing check in the MIFF decoder, would lead to an infinite loop. This vulnerability results in CPU exhaustion, causing a Denial of Service DoS for the affecte...

7.5CVSS5.8AI score0.01849EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-55199

A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client's CPU, resulting in a denial of service. Mitigation To mitigate this issue, ensure your libssh2...

8.2CVSS5.9AI score0.00408EPSS
Exploits1References6
NVD
NVD
added 2026/06/22 6:16 p.m.42 views

CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...

7.5CVSS0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that...

8.2CVSS7AI score0.00408EPSS
Exploits1References3
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Concurrent Ruby - `AtomicReference#update` livelocks when the stored value is `Float::NAN`

Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2026/06/16 7:32 p.m.10 views

Denial Of Service (DoS)

markdown-it is vulnerable to Denial of Service DoS. The vulnerability is due to quadratic-time processing in the smartquotes rule when typographer: true is enabled, which allows an attacker to supply specially crafted markdown containing consecutive quotation marks and consume excessive CPU...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/12 12:0 p.m.20 views

RUSTSEC-2026-0179 Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

8.7CVSS5.5AI score
Exploits0References4
EUVD
EUVD
added 2026/06/10 9:30 p.m.11 views

EUVD-2026-36162

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS5.4AI score0.01849EPSS
Exploits4References1
CVE
CVE
added 2026/06/10 9:30 p.m.48 views

CVE-2026-46522

CVE-2026-46522 : ImageMagick’s MIFF decoder contains a missing input-length check in ReadMIFFImage, causing an infinite loop that can exhaust CPU. This affects pre-fix releases prior to 7.1.2.23 and 6.9.13-48. The issue’s impact is CPU exhaustion (availability) as described in multiple advisories...

7.5CVSS5.4AI score0.01849EPSS
Exploits4References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.4AI score0.00784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40863

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/02 3:24 p.m.8 views

CVE-2026-45680 OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/06/02 8:1 a.m.16 views

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward

...

7.5CVSS5.4AI score0.00373EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

ImageMagick security vulnerabilities

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. ImageMagick has security vulnerabilities; these vulnerabilities stem from infinite loops in the MIFF decoder, which can lead to CPU...

5.8AI score0.01849EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

synapse 安全漏洞

Synapse is an open-source matrix main server developed by Element. Versions prior to 1.152.1 of Synapse contained a security vulnerability. This vulnerability occurred due to locally authenticated users being able to exhaust CPU resources, causing other requests to fail and leading to...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References1
Rows per page
Query Builder