Lucene search
K

256 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-49477

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking when processing an attribute selector with an unterminated quoted value in...

7.5CVSS0.00601EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...

7.5CVSS0.00601EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added last week8 views

Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the VALUE regex pattern in cssparser.py enters exponential...

7.5CVSS5.9AI score0.00601EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 1:12 p.m.5 views

OESA-2026-2722 dovecot security update

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. Security Fixes: Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRA...

7.5CVSS5.8AI score0.00454EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 5:8 p.m.3 views

OPENSUSE-SU-2026:21109-1 Security update for dovecot24

This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References10
OSV
OSV
added 2026/06/19 5:4 p.m.2 views

SUSE-SU-2026:22185-1 Security update for dovecot24

This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.8 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.5AI score0.00703EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.10 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
Ubuntu
Ubuntu
added 2026/06/02 12:42 p.m.15 views

USN-8365-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

9.1CVSS5.9AI score0.00454EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.15 views

CVE-2026-40016

A flaw was found in Dovecot. A remote or local attacker could upload a malicious Sieve script through the ManageSieve service, or locally, to bypass configured CPU time limits for Sieve scripts. This allows the attacker to consume excessive server resources, leading to a degradation of server...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.9 views

Parser-Free Querying of Security Logs

Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/20 2:1 a.m.14 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configure...

6.5CVSS5.9AI score0.00338EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/14 3:35 p.m.9 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 2:6 p.m.10 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00703EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.17 views

SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 p.m.38 views

EUVD-2026-29470

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.12 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS0.00338EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/12 2:17 p.m.17 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 2:17 p.m.15 views

UBUNTU-CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References4
Rows per page
Query Builder