Lucene search
K

146 matches found

NVD
NVD
added 2026/05/04 8:16 p.m.20 views

CVE-2026-7768

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS0.00284EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/28 11:23 p.m.15 views

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

5.3CVSS5.4AI score0.00311EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/22 5:40 p.m.9 views

@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +90 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=3.0.2 <=3.9.2)

i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.0, =0.0.1, =0.0.229 and more Source cves: CVE-2026-41690 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415526...

8.6CVSS5.7AI score0.0031EPSS
Exploits0
NVD
NVD
added 2026/03/18 1:16 a.m.5 views

CVE-2026-27980

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

7.5CVSS0.00683EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 12:23 a.m.5 views

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

6.9CVSS5.8AI score0.00683EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 12:23 a.m.31 views

CVE-2026-27980

Next.js versions 10.0.0 through 16.1.6 expose an unbounded disk cache in the image optimization feature at /_next/image, allowing denial of service via cache growth. The root cause is a lack of an upper bound on the disk cache; the fix in v16.1.7 adds an LRU-backed disk cache and an eviction poli...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/18 12:23 a.m.7 views

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

6.9CVSS5.9AI score0.00683EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/17 4:17 p.m.9 views

Next.js: Unbounded next/image disk cache growth can exhaust storage

Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: Do not add the “folio” to be freed to the LRU list during migratedevicefinalize. If the migration succeeds, we call foliomigrateflags-memcgroupmigrate to migrate the memcg from the old to the new “folio”. This...

5.5CVSS6.4AI score0.00198EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005108)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005108 advisory. In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 mm: memcontrol: fix cgroup...

4.7CVSS6.6AI score0.00229EPSS
Exploits0References3
Fedora
Fedora
added 2026/01/20 1:42 a.m.8 views

[SECURITY] Fedora 43 Update: rust-lru-0.16.3-1.fc43

A LRU cache implementation...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/01/20 1:38 a.m.4 views

[SECURITY] Fedora 42 Update: rust-lru-0.16.3-1.fc42

A LRU cache implementation...

5.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.6 views

CVE-2023-54283

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...

5.9AI score0.00177EPSS
Exploits0References10
OSV
OSV
added 2025/12/30 1:16 p.m.5 views

UBUNTU-CVE-2023-54283

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...

5.7AI score0.00177EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2025/12/30 12:23 p.m.3 views

CVE-2023-54283

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...

5.4AI score0.00177EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/12/30 12:8 p.m.4 views

CVE-2023-54165

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

5.3AI score0.00155EPSS
Exploits0
OSV
OSV
added 2025/12/30 12:8 p.m.4 views

CVE-2023-54165 zsmalloc: move LRU update from zs_map_object() to zs_malloc()

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...

6.3AI score0.00155EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.8 views

PT-2025-53994

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-0 fbk3 rc3 hoangnhatpzsdynshrv41 10870 g85a9558a25de Description The Linux kernel contains an issue within the zsmalloc subsystem related to the timing of Least Recently Used LRU list updates. The LRU upda...

6.4AI score0.00155EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/12/25 9:3 a.m.8 views

bpf: Free special fields when update [lru_,]percpu_hash maps

...

5.5CVSS5.4AI score0.00171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-54033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: fix a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element on update before locking the target hash table bucke...

5.9AI score0.00157EPSS
Exploits0References3
Rows per page
Query Builder