Lucene search
+L

35 matches found

nvd
nvd
added 2 days ago7 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS0.00247EPSS
Exploits0References2
euvd
euvd
added 2 days ago4 views

EUVD-2026-44647

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score0.00247EPSS
Exploits0References2
cve
cve
added 2026/07/06 2:24 p.m.20 views

CVE-2026-58203

CVE-2026-58203 affects pydantic-settings, specifically NestedSecretsSettingsSource. From 2.12.0 through 2.14.2, when secrets_nested_subdir is true, a directory entry that is a symbolic link to outside secrets_dir is followed, enabling reading files outside the configured directory and bypassing s...

5.3CVSS6AI score0.00138EPSS
Exploits0References1Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The payload size has been sanitized to prevent member overflow. In functions qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by the firmware is used to calculate the copy length for the...

5.8AI score0.00168EPSS
Exploits0References2
osv
osv
added 2026/06/19 10:10 p.m.28 views

GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

Summary NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is followed, so files outside the configured directory are read into settings value...

5.3CVSS5.9AI score0.00138EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
euvd
euvd
added 2026/06/15 9:55 p.m.11 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
hackerone
hackerone
added 2026/05/13 10:42 p.m.35 views

curl: HTTP/2 proxy CONNECT tunnel unbounded 1xx chain (missing Curl_bump_headersize cap in cf-h2-proxy.c)

A malicious HTTPS-on-HTTP/2 proxy can grow a libcurl client's resident set without bound during the CONNECT phase by streaming 1xx informational responses. The CVE-2023-38039 cap MAXHTTPRESPHEADERSIZE, 300 KiB, enforced through Curlbumpheadersize is not applied on the HTTP/2 proxy path. The HTTP/...

7.5CVSS6.6AI score0.62246EPSS
Exploits1
cve
cve
added 2026/05/12 7:40 p.m.21 views

CVE-2026-44219

CVE-2026-44219 affects the ciguard static security auditor. The two SCA HTTP clients (osv.py and endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum bytes cap, allowing a hostile or compromised endoflife.date / OSV.dev (or a TLS MITM) to return multi-GB response...

3.7CVSS5.8AI score0.00301EPSS
Exploits0References1
osv
osv
added 2026/05/05 10:17 p.m.5 views

GHSA-XW8C-RRVX-F7XQ ciguard: SCA HTTP client reads response body without size cap

Summary Both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
github
github
added 2026/05/05 10:17 p.m.8 views

ciguard: SCA HTTP client reads response body without size cap

Summary Both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...

3.7CVSS5.9AI score0.00301EPSS
Exploits0References5Affected Software1
github
github
added 2026/05/05 9:57 p.m.10 views

OpAMP client reads unbounded HTTP response bodies

Summary When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server i...

7.5CVSS6AI score0.00311EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.11 views

PT-2026-37315

Name of the Vulnerable Software and Affected Versions ciguard versions 0.6.0 through 0.8.1 Description Both SCA HTTP clients in src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call the function json.loads on response data without a maximum-bytes cap. A hostile or...

3.7CVSS5.8AI score0.00301EPSS
Exploits0References12
nvd
nvd
added 2026/03/24 2:16 p.m.7 views

CVE-2026-33418

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...

7.5CVSS0.00376EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.14 views

PT-2026-26757

Name of the Vulnerable Software and Affected Versions @dicebear/converter versions prior to 9.4.2 Description The ensureSize function in @dicebear/converter previously used a regex-based method to limit SVG width and height attributes to 2048px to prevent denial of service. This limitation could ...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
astralinux
astralinux
added 2026/03/03 9:29 a.m.14 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line CRLFCRLF. The parser continuously stored incoming bytes in memory...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References3
nessus
nessus
added 2026/02/10 12:0 a.m.5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005324 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart...

7.5CVSS8.3AI score0.00868EPSS
Exploits0References4
osv
osv
added 2026/02/04 5:16 p.m.8 views

UBUNTU-CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

5.8AI score0.00168EPSS
Exploits0References16
cve
cve
added 2026/02/04 4:7 p.m.19 views

CVE-2026-23059

In the Linux kernel CVE-2026-23059, the vulnerable code paths are in Scsi qla2xxx logic, specifically qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(). The frame_size reported by firmware could exceed the 64-byte iocb member in struct purex_item, causing cross-boundary memcpy writes and Fo...

5.3AI score0.00168EPSS
Exploits0References4
nvd
nvd
added 2025/10/07 3:16 p.m.3 views

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

7.5CVSS0.00868EPSS
Exploits0References4
Rows per page
Query Builder