Lucene search
+L

226 matches found

osv
osv
added 2026/06/29 11:14 a.m.7 views

BIT-PYTHON-MIN-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
osv
osv
added 2026/06/29 11:14 a.m.9 views

BIT-PYTHON-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
osv
osv
added 2026/06/29 11:10 a.m.8 views

BIT-LIBPYTHON-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
osv
osv
added 2026/06/23 11:16 p.m.3 views

DEBIAN-CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/23 10:2 p.m.6 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0
osv
osv
added 2026/06/23 10:2 p.m.2 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.9AI score0.00433EPSS
Exploits0References12
nessus
nessus
added 2026/06/12 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular...

7.5CVSS5.9AI score0.00622EPSS
Exploits1References3
cvelist
cvelist
added 2026/06/08 2:0 a.m.47 views

CVE-2026-11478 kokke tiny-regex-c Pattern re.c matchstar redos

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS0.00113EPSS
Exploits0References7
nessus
nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-2033)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

6CVSS5.6AI score0.0056EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.11 views

PT-2026-49061

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.2 Description Bugsink stores every tag provided with an incoming event. An attacker can submit an event containing an unusually large number of custom tags, causing the ingestion process to spend excessive time...

4.3CVSS6.1AI score0.00056EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

Red Hat OpenShift Container Platform 安全漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

5CVSS5.4AI score0.0023EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/29 2:21 p.m.11 views

CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queueifnopath option...

5.5CVSS5.9AI score0.00083EPSS
Exploits0References1
snyk
snyk
added 2026/05/07 12:19 a.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the decodeHuffmanEncodedLiteral function in the QPACK decoder, which allocates memory for a byte array based on a length value received from the network without verifying that sufficie...

8.7CVSS5.8AI score0.00437EPSS
Exploits1References2
ibm
ibm
added 2026/05/04 6:56 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.

Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...

7.5CVSS6.6AI score0.00492EPSS
Exploits1Affected Software1
suse
suse
added 2026/04/30 5:22 p.m.3 views

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

3.3CVSS5.8AI score0.00156EPSS
Exploits0References4
amazon
amazon
added 2026/04/30 12:0 a.m.20 views

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.8AI score0.08123EPSS
Exploits1
hackread
hackread
added 2026/04/28 8:53 p.m.8 views

Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

5.3AI score
Exploits0
osv
osv
added 2026/04/16 1:27 p.m.9 views

SUSE-SU-2026:21253-1 Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards...

9.2CVSS7.5AI score0.00519EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/04/09 10:30 p.m.7 views

CVE-2026-5986

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9CVSS5.8AI score0.00372EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder