CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

PT-2026-40027

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...

GHSA-428G-F7CQ-PGP5 Marshmallow has DoS in Schema.load(many)

Impact Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. Patches 4.1.2, 3.26.2 Workarounds py Fail fast def loadmanyschema, data, kwargs: if not isinstancedata, list: raise ValidationError'Invalid...

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

[SECURITY] Fedora 39 Update: stalld-1.19.2-1.fc39

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHEDDEADLINE policy. The default is to allow 10 microseconds...

DEBIAN-CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

nodejs-minimatch: Regular expression denial-of-service

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

Check Point Software Firewall-1 4.0/1 4.1 Fragmented Packets DoS

No description provided by source. source: http://www.securityfocus.com/bid/1312/info By sending illegally fragmented packets directly to or routed through Check Point FireWall-1, it is possible to force the firewall to use 100% of available processor time logging these packets. The FireWall-1...

Microsoft Windows Universal Plug and Play service (UPNP) fails to limit the data returned in response to a NOTIFY message

Overview Microsoft Windows Universal Plug and Play UPnP is vulnerable to a denial-of-service attack that could negatively affect the performance of vulnerable machines. Description Universal Plug and Play UPnP is a system designed to allow network devices to operate together. One of the UPnP...