
32 matches found

Cvelist
added 2026/05/25 2:0 p.m., 30 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

CVSS 8.7, EPSS 0.00049
Exploits 1, References 4

OpenVAS
added 2026/03/30 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2026-c5273647fa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.7, AI score 5.9, EPSS 0.00044
Exploits 0, References 3

Tenable Nessus
added 2026/03/28 12:0 a.m., 3 views

Fedora 43 : mongo-c-driver (2026-cc129df978)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cc129df978 advisory. - Fix handling in HTTP response parser (CVE-2026-4359). Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 3.7, AI score 6, EPSS 0.00044
Exploits 0, References 2

OSV
added 2025/11/03 9:18 p.m., 2 views

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

CVSS 5.5, AI score 6.8
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-37285

Malicious code in bioql PyPI...

CVSS 9.6, AI score 6.6, EPSS 0.00646
Exploits 0, References 2

OSV
added 2025/02/28 3:32 p.m., 1 view

OESA-2025-1196 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starti...

CVSS 6.5, AI score 6.6, EPSS 0.00139
Exploits 0, References 2

Github Security Blog
added 2025/02/10 5:42 p.m., 32 views

Possible DoS by memory exhaustion in net-imap

Summary: There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

CVSS 6.5, AI score 6.4, EPSS 0.00139
Exploits 0, References 10, Affected Software 1

Snyk
added 2025/02/10 4:41 p.m., 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) through the response parser, which uses Range#to_a to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges. Details: Denial of Service (DoS) describes a family of...

CVSS 7.1, AI score 7, EPSS 0.00139
Exploits 0, References 2

Snyk
added 2025/02/10 4:41 p.m., 2 views

Denial of Service (DoS)

Overview: org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Denial of Service (DoS) through the response parser, which uses Range#to_a to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges...

CVSS 7.1, AI score 6.8, EPSS 0.00139
Exploits 0, References 2

OSV
added 2025/02/10 4:15 p.m., 1 view

DEBIAN-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.6, EPSS 0.00139
Exploits 0, References 1

NVD
added 2025/02/10 4:15 p.m., 5 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, EPSS 0.00139
Exploits 0, References 4

Debian CVE
added 2025/02/10 3:55 p.m., 9 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.6, EPSS 0.00139
Exploits 0

Vulnrichment
added 2025/02/10 3:55 p.m., 17 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

CVSS 6.5, AI score 6.3, EPSS 0.00139
Exploits 0, References 4

CVE
added 2025/02/10 3:55 p.m., 295 views

CVE-2025-25186

CVE-2025-25186 concerns Net::IMAP in Ruby. The DoS arises from the IMAP response parser reading highly compressed uid-set data without limiting expansion, potentially exhausting memory while a client remains connected. Fixed in versions 0.3.8, 0.4.19, 0.5.6, and later; affected range includes 0.3...

CVSS 6.5, AI score 6.2, EPSS 0.00139
Exploits 0, References 4

RubySec
added 2025/02/10 12:0 a.m., 16 views

Possible DoS by memory exhaustion in net-imap

Summary: There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

CVSS 6.5, AI score 6.4, EPSS 0.00139
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/02/05 8:38 a.m., 4 views

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, AI score 6.9, EPSS 0.00646
Exploits 0, References 1

NVD
added 2024/06/24 5:15 p.m., 25 views

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, EPSS 0.00646
Exploits 0, References 2

Vulnrichment
added 2024/06/24 4:23 p.m., 15 views

CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, AI score 7.1, EPSS 0.00646
Exploits 0, References 2

Cvelist
added 2024/06/24 4:23 p.m., 20 views

CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, EPSS 0.00646
Exploits 0, References 2

OSV
added 2024/06/24 4:23 p.m., 14 views

CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, AI score 7, EPSS 0.00646
Exploits 0, References 4