Lucene search
+L

477 matches found

snyk
snyk
added 2026/04/16 9:30 p.m.9 views

Excessive Iteration

Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration in the incremental mode for PDF processing. An attacker can cause excessive resource consumption and...

6.5CVSS5.7AI score0.00214EPSS
Exploits0References2
snyk
snyk
added 2026/04/16 9:30 p.m.3 views

Excessive Iteration

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration in the incremental mode for PDF processing. An attacker can cause excessive resource consumption and...

6.5CVSS5.7AI score0.00214EPSS
Exploits0References2
github
github
added 2026/04/16 9:30 p.m.10 views

pypdf: Possible long runtimes for wrong size values in incremental mode

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes from PR...

6.5CVSS5.7AI score0.00214EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2026/04/16 12:0 a.m.7 views

PT-2026-34566

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes long runtimes. This occurs when loading a PDF in incremental mode that contains a large /Size value in the trailer...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References19
osv
osv
added 2026/04/14 11:40 p.m.5 views

GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References5
github
github
added 2026/04/14 11:40 p.m.14 views

MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/04/14 12:4 a.m.4 views

GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8CVSS6.1AI score0.00418EPSS
Exploits0References5
github
github
added 2026/04/14 12:4 a.m.25 views

MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8CVSS6AI score0.00418EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.9 views

PT-2026-34234

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...

8.8CVSS5.6AI score0.00349EPSS
Exploits0References10
hackerone
hackerone
added 2026/04/11 3:1 a.m.30 views

curl: Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers

BUG IN https://raw.githubusercontent.com/curl/curl/07a9b89fedaec60bdbc254f23f66149b31d2f8da/lib/http2.c c ifstream-bodystarted / This is a trailer / H2BUGFinfofdatas, "h2 trailer: %.s: %.s", namelen, name, valuelen, value; result = Curldynaddf&stream-trailerrecvbuf, "%.s: %.s\r\n", namelen, name,...

3.3CVSS6.2AI score0.00359EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/04/11 12:0 a.m.15 views

PT-2026-34231

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References11
susecve
susecve
added 2026/04/04 11:25 p.m.11 views

SUSE CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.0044EPSS
Exploits0References4
veracode
veracode
added 2026/04/04 5:36 a.m.6 views

Memory Exhaustion

aiohttp is vulnerable to Memory Exhaustion. The vulnerability is due to insufficient restrictions in header/trailer handling, where unlimited trailer headers are accepted and an attacker can send a request or response with many trailers to cause uncapped memory usage...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References3Affected Software2
redhatcve
redhatcve
added 2026/04/01 11:11 p.m.3 views

CVE-2026-22815

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for Python. Insufficient restrictions in header and trailer handling could allow a remote attacker to cause uncapped memory usage. This can lead to a Denial of Service DoS condition, making the affected web server...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References6
nvd
nvd
added 2026/04/01 9:16 p.m.4 views

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS0.0044EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/04/01 9:16 p.m.4 views

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/01 8:8 p.m.30 views

CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

6.9CVSS0.0044EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/01 8:8 p.m.2 views

CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.0044EPSS
Exploits0References3
debiancve
debiancve
added 2026/04/01 8:8 p.m.4 views

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS5.2AI score0.0044EPSS
Exploits0
osv
osv
added 2026/04/01 8:8 p.m.2 views

CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

6.9CVSS5.9AI score0.0044EPSS
Exploits0References5
Rows per page
Query Builder