UBUNTU-CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

PT-2026-36986

Name of the Vulnerable Software and Affected Versions Net::IMAP affected versions not specified Description Net::IMAP::ResponseReader exhibits quadratic time complexity when processing large responses containing numerous string literals. A hostile server can send specially crafted responses that...

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...

CVE-2026-33983 FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

CVE-2026-24458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

PT-2026-25699

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.3.0 and earlier Mattermost versions 11.2.2 and earlier Mattermost versions 10.11.10 and earlier Description The software does not correctly manage very long passwords. This allows an attacker to exhaust server resources,...

NewStart CGSL MAIN 6.06 (SP) : python3 Multiple Vulnerabilities (NS-SA-2026-0032)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has python3 packages installed that are affected by multiple vulnerabilities: - Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path whi...

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

bind9: bind: SIG(0) can be used to exhaust CPU resources

A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...

Suricata 安全漏洞

Suricata is a suite of network intrusion detection system IDS, intrusion prevention system IPS, and network security monitoring engine developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

DoS против MS ISA (UDP flood)

Флуд фрагементированными UDP-пакетами приводит к полной загрузке процессора...