Lucene search
+L

301 matches found

ibm
ibm
added 2 days ago13 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a...

7.5CVSS6.1AI score0.00177EPSS
Exploits0Affected Software1
cve
cve
added 2026/07/08 3:22 p.m.8 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/07/08 12:0 a.m.14 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unauthenticated attacker with...

8.7CVSS7AI score0.00587EPSS
Exploits0References2
nvd
nvd
added 2026/07/07 5:16 p.m.8 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS0.0041EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 5:16 p.m.10 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

9.8CVSS0.00234EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.12 views

PT-2026-56204

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...

9.8CVSS6AI score0.0041EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/07/02 11:5 p.m.10 views

CVE-2026-13383

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to a...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/30 7:42 p.m.8 views

EUVD-2026-40393

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/23 3:5 p.m.10 views

CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

5.8CVSS5.9AI score0.00111EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/10 12:43 p.m.7 views

CVE-2026-52759 Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
nessus
nessus
added 2026/06/10 12:0 a.m.9 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS software allows an...

6.9CVSS5.5AI score0.00224EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/07 12:43 a.m.18 views

CVE-2026-44660

A flaw was found in UltraJSON, a fast JSON encoder and decoder. When the ujson.dump function attempts to write data to a file-like object and an error occurs during this operation, the memory allocated for the serialized JSON string is not properly released. This continuous failure to deallocate...

8.7CVSS5AI score0.00421EPSS
Exploits1References6
nessus
nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.12.1 : libpng (EulerOS-SA-2026-2079)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct...

8.3CVSS7.5AI score0.00955EPSS
Exploits3References4
snyk
snyk
added 2026/05/28 4:48 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parsing process. An attacker can cause excessive memory consumption b...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References2
nvd
nvd
added 2026/05/28 4:16 p.m.13 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS0.0013EPSS
Exploits0References3
osv
osv
added 2026/05/28 4:16 p.m.11 views

UBUNTU-CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/28 2:49 p.m.12 views

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/28 2:49 p.m.3 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

6.9CVSS5.9AI score0.0013EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.10 views

PT-2026-44399

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1 Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations Update to version...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References20
osv
osv
added 2026/05/27 9:16 p.m.6 views

DEBIAN-CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References1
Rows per page
Query Builder