Lucene search
K

485 matches found

RedHat Linux
RedHat Linux
added 5 days ago6 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
CVE
CVE
added 2026/07/04 7:0 p.m.27 views

CVE-2026-14647

ONNX Runtime (onnxruntime) up to 1.21.x is affected by CVE-2026-14647 due to a weakness in convPoolShapeInference_opset19 in ONNX’s old.cc (onnx/defs/nn). The root cause is an out-of-bounds read introduced in this path, enabling remote exploitation. Public exploits exist per the description. Reme...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.5 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.7 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of...

9.8CVSS6.2AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.19 views

CVE-2026-14122

The CVE-2026-14122 entry describes an issue in Google Chrome on Windows affecting the WebAppInstalls component of Chromium. The root cause is insufficient validation of untrusted input, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. The vulnerability impacts C...

8.1CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14122

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...

8.1CVSS6AI score0.00239EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54397

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in WebAppInstalls allows a remote attacker to perform arbitrary read and write operations via a crafted HTML page. Recommendations Update Goog...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-512 Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

10CVSS7.5AI score0.02592EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.7 views

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...

5.9AI score0.00398EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.15 views

EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2026-2405)

According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

7.5CVSS5.3AI score0.00631EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.12.0 : libssh (EulerOS-SA-2026-2105)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-46830

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

5.3CVSS5.4AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:53 p.m.11 views

EUVD-2026-33301

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9911

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00209EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/25 11:57 p.m.13 views

CVE-2026-42154

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Netatalk 后置链接漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.2 to 4.4.2 of Netatalk had a post-release vulnerability due to improper link resolution. This vulnerability could allo...

8.1CVSS6AI score0.00477EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of after-free in Media in Google Chrome before version 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.5AI score0.0055EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.1CVSS7.5AI score0.01442EPSS
Exploits0References2
Rows per page
Query Builder