Lucene search
K

11 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
CVE
CVE
added 6 days ago7 views

CVE-2026-59868

The CVE-2026-59868 Issue: js-yaml (JavaScript YAML parser/dumper) is vulnerable when merge keys are enabled. From versions 5.0.0 up to 5.2.0, a chain of mappings using merge keys can cause quadratic CPU time on documents that grow linearly, leading to DoS under some inputs. A fix was released in ...

7.5CVSS6AI score0.00291EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits1References5
CVE
CVE
added 6 days ago13 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0035EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48511

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51395

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The ExpandoObjectFormatter.Deserialize function populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. Because...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 8:17 p.m.15 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 5:54 p.m.3 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/12 6:13 a.m.5 views

EUVD-2025-203029

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5CVSS6.3AI score0.00378EPSS
Exploits0References3
OSV
OSV
added 2024/08/19 7:15 p.m.6 views

AZL-47860 CVE-2024-7592 affecting package python3 for versions less than 3.9.19-4

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS6.7AI score0.02303EPSS
Exploits1References1
Rows per page
Query Builder