Lucene search
K

621 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.7AI score0.0041EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-53433

A flaw was found in fzf, a command-line fuzzy finder. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a crafted POST request with many small segments to the --listen mode. The inefficient HTTP body processing, which uses repeated string concatenation, leads...

7.5CVSS5.8AI score
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 6 days ago33 views

CVE-2026-13311

The CVE affects the shell-quote library prior to version 1.8.5. The parse() function accumulates tokens by using Array.prototype.concat as a reduce accumulator, causing O(n^2) time relative to token count and enabling a potential denial of service by blocking the Node.js event loop with small, at...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-13311 shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS0.0036EPSS
Exploits0References2
NVD
NVD
added last week15 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:5 p.m.26 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:5 p.m.9 views

CVE-2026-49851

Mistune (Python Markdown parser) prior to 3.3.0 is vulnerable to CPU exhaustion DoS due to quadratic-time behavior in parse_link_text when parsing many consecutive '[' characters. The code repeatedly scans input with a regex inside a loop, yielding O(n^2) runtime on affected inputs and enabling a...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:5 p.m.5 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52033

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description A CPU exhaustion Denial of Service DoS occurs due to superlinear approximately On² behavior in the parse link text function. When processing Markdown containing numerous consecutive characters, the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.9 views

CVE-2026-54892

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS0.00707EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/23 12:31 p.m.39 views

CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS0.00707EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 12:31 p.m.4 views

EEF-CVE-2026-54892 Plug: quadratic-time decoding of nested query/body parameters enables denial of service

Summary Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode\each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-48511

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

7.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:14 p.m.24 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48511

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:14 p.m.13 views

CVE-2026-48511

Summary: CVE-2026-48511 affects MessagePack for C# where ExpandoObjectFormatter.Deserialize inserts map entries into ExpandoObject via IDictionary.Add. This insertion pattern, coupled with ExpandoObject’s internal array-like member storage, can trigger repeated linear scans and array copies, caus...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.21 views

CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...

7.5CVSS0.00263EPSS
Exploits0References1
Rows per page
Query Builder