Lucene search
K

486 matches found

SUSE CVE
SUSE CVE
added 2026/06/04 2:29 a.m.12 views

SUSE CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

3.1CVSS5.1AI score0.00287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.18 views

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

7.5CVSS5.7AI score0.00295EPSS
Exploits0References6
OSV
OSV
added 2026/06/03 2:16 a.m.7 views

DEBIAN-CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

2.3CVSS4.4AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-45899

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

3.1CVSS5.1AI score0.00287EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/30 11:45 p.m.10 views

CVE-2026-10156

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handleamfinfo in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nfinfopool can lead to resource consumption. The attack may be performed from...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 7:35 p.m.11 views

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

5.8AI score0.00353EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:37 p.m.3 views

CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

5.3CVSS6AI score0.00791EPSS
Exploits0References11
NVD
NVD
added 2026/05/27 2:17 p.m.21 views

CVE-2026-7528

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.5CVSS0.00215EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.5 views

The vulnerability of the activesupport component in the Ruby on Rails software framework allows a hacker to trigger a service failure.

The vulnerability of the activesupport component in the Ruby on Rails software framework is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.3AI score0.0061EPSS
Exploits0References12Affected Software4
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.14 views

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References5
NVD
NVD
added 2026/05/17 11:17 p.m.27 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS0.00561EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.19 views

PT-2026-41781

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing check in the MNG coder allows for reading more images than the list limit policy permits, which can lead to excessive resource consumption...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References131
Microsoft CVE
Microsoft CVE
added 2026/05/15 8:2 a.m.22 views

Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

...

8.7CVSS5.8AI score0.00431EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.12 views

SUSE CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

5.9CVSS5.8AI score0.0068EPSS
Exploits0References9
OSV
OSV
added 2026/05/13 7:17 p.m.11 views

DEBIAN-CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.19 views

CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS0.00455EPSS
Exploits0References5
OSV
OSV
added 2026/05/13 4:16 p.m.10 views

PYSEC-2026-142

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

7.5CVSS5.8AI score0.0068EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.13 views

go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Impact Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2026/05/13 3:17 p.m.10 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0
OSV
OSV
added 2026/05/13 3:17 p.m.2 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS6.3AI score0.0068EPSS
Exploits0References50
Rows per page
Query Builder