Lucene search
K

386 matches found

OSV
OSV
added yesterday5 views

BIT-PROMETHEUS-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS6.8AI score0.00887EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added last week10 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS5.9AI score0.00887EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.7 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/25 5:48 a.m.1 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
OSV
OSV
added 2026/06/21 8:46 a.m.9 views

ROOT-APP-MAVEN-CVE-2024-36124 CVE-2024-36124 in io.root.org.iq80.snappy:snappy - Patched by Root

Root has patched CVE-2024-36124 in the io.root.org.iq80.snappy:snappy package for Root:Maven. Multiple fixed versions available...

5.3CVSS6.2AI score0.00487EPSS
Exploits0
OSV
OSV
added 2026/06/18 10:30 a.m.10 views

ROOT-APP-MAVEN-CVE-2023-34453 CVE-2023-34453 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34453 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.2AI score0.01707EPSS
Exploits1
OSV
OSV
added 2026/06/18 10:30 a.m.11 views

ROOT-APP-MAVEN-CVE-2023-34455 CVE-2023-34455 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34455 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.2AI score0.01762EPSS
Exploits1
OSV
OSV
added 2026/06/18 10:30 a.m.10 views

ROOT-APP-MAVEN-CVE-2023-34454 CVE-2023-34454 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34454 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.3AI score0.01469EPSS
Exploits0
OSV
OSV
added 2026/06/18 10:30 a.m.10 views

ROOT-APP-MAVEN-CVE-2023-43642 CVE-2023-43642 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-43642 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.2AI score0.0104EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/11 12:56 p.m.2 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
NVD
NVD
added 2026/06/10 8:17 p.m.14 views

CVE-2026-46683

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 7:53 p.m.2 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.9AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 7:53 p.m.30 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 7:53 p.m.10 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.3AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 7:52 p.m.33 views

CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...

7.5CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 7:52 p.m.22 views

CVE-2026-46643

CVE-2026-46643 affects KnLplabs Snappy (knplabs/knp-snappy) on POSIX, where escapeshellarg('/usr/bin/wkhtmltopdf') may still leave $command unescaped due to a faulty is_executable check. This allows command execution when the binary path is influenced by user input or environment data, as the saf...

7.5CVSS5.5AI score0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 7:52 p.m.13 views

EUVD-2026-36111

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...

7.5CVSS5.5AI score0.00152EPSS
Exploits0References2
Rows per page
Query Builder