Lucene search
+L

204 matches found

Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-49477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expressi...

7.5CVSS5.3AI score0.00601EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-56743 Cilium may unexpectedly allow ingress traffic from the local namespace when a Kubernetes NetworkPolicy is configured with an ipBlock match

Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...

5.4CVSS0.00158EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-49477

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-49476

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-49476

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS0.00601EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS0.00601EPSS
Exploits0References3
OSV
OSV
added 5 days ago5 views

JLSEC-2026-664 Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector:...

Stack overflow vulnerability in astselectors.cpp in function Sass::CompoundSelector::hasrealparentref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service DoS. Also affects the command line driver for libsass, sassc 3.6.2...

7.5CVSS7AI score0.01252EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/07/09 1:37 p.m.7 views

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...

7.5CVSS6AI score0.00601EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.11 views

PT-2026-56839

Name of the Vulnerable Software and Affected Versions soupsieve affected versions not specified Description The CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists. An attacker can provide a crafted CSS selector string to soupsieve.compi...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56840

Name of the Vulnerable Software and Affected Versions soupsieve affected versions not specified Description The CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking, which occurs when the regex engine takes an exponential amount of time to process...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.4 views

soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.3 views

soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
OSV
OSV
added 2026/06/22 3:58 p.m.5 views

CVE-2026-55602 http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS6AI score0.0034EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/07 12:53 a.m.3 views

soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/01 10:26 a.m.9 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 9:11 a.m.13 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.17.0 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.17.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

9.1CVSS7.2AI score0.03992EPSS
Exploits7Affected Software2
OSV
OSV
added 2026/05/24 6:16 a.m.9 views

DEBIAN-CVE-2026-9358

A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...

5.3CVSS4.7AI score0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/24 5:30 a.m.15 views

EUVD-2026-31571

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/24 5:30 a.m.16 views

CVE-2026-9358

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 5:30 a.m.56 views

CVE-2026-9358

The CVE-2026-9358 vulnerability affects postcss up to 7.1.1, specifically the toString function in src/selectors/container.js of the AST Serialization component. A manipulated input can cause uncontrolled recursion, enabling a remote DoS. Public exploitation is indicated, with PoC-like details ci...

5.3CVSS4.7AI score0.00325EPSS
Exploits0References7
Rows per page
Query Builder