Lucene search
+L

214 matches found

OSV
OSV
โ€ขadded 3 days agoโ€ข4 views

CVE-2026-55407 Buffa: Memory Exhaustion Denial of Service in decode_unknown_field via Unbounded Allocation

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decodeunknownfield function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input unknown fields in the serialized protobuf without enforcing an...

6.3CVSS6.1AI score0.00565EPSS
Exploits0References6
OSV
OSV
โ€ขadded 5 days agoโ€ข4 views

UBUNTU-CVE-2026-50651

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00617EPSS
Exploits0References6
CVE
CVE
โ€ขadded 2026/07/10 4:49 p.m.โ€ข10 views

CVE-2026-55780

NanaZip (7โ€‘Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
โ€ขadded 2026/07/10 4:49 p.m.โ€ข36 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/07/10 4:49 p.m.โ€ข5 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
Cvelist
Cvelist
โ€ขadded 2026/07/10 7:10 a.m.โ€ข29 views

CVE-2026-40006 Apache IoTDB: Unauthenticated heap-exhaustion DoS via unbounded allocation in IoTDB AirGap pipe receiver

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

0.00323EPSS
Exploits0References1
CVE
CVE
โ€ขadded 2026/07/10 7:10 a.m.โ€ข13 views

CVE-2026-40006

CVE-2026-40006 affects Apache IoTDB: when pipe_air_gap_receiver_enabled is true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 without authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and passes it to new byte[length] with...

7.5CVSS6.1AI score0.00323EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/07/08 5:17 p.m.โ€ข3 views

DEBIAN-CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

7.5CVSS6.1AI score0.0037EPSS
Exploits1References1
Debian CVE
Debian CVE
โ€ขadded 2026/07/08 3:47 p.m.โ€ข7 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1
Positive Technologies
Positive Technologies
โ€ขadded 2026/07/08 12:0 a.m.โ€ข9 views

PT-2026-56498

Name of the Vulnerable Software and Affected Versions Immutable.js versions prior to 4.3.9 Immutable.js versions prior to 5.1.8 Description Certain functions mishandle an index or size within the range 2 30 to 2 31 in the setListBounds function located in src/List.js. This can lead to an empty Li...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
โ€ขadded 2026/07/03 12:0 a.m.โ€ข10 views

Elasticsearch 8.0.x < 8.19.17 / 9.0.x < 9.3.6 / 9.4.x < 9.4.3 Multiple DoS

The version of Elasticsearch installed on the remote host is 8.0 prior to 8.19.17, 9.0 prior to 9.3.6, or 9.4.0 prior to 9.4.3. It is, therefore, affected by multiple denial of service vulnerabilities: - Uncontrolled recursion in Elasticsearch allows an authenticated user to submit a specially...

6.5CVSS6.2AI score0.00347EPSS
Exploits0References4
EUVD
EUVD
โ€ขadded 2026/07/01 4:35 p.m.โ€ข8 views

EUVD-2026-41088

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
OSV
OSV
โ€ขadded 2026/06/24 4:29 p.m.โ€ข2 views

CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References7
AstraLinux
AstraLinux
โ€ขadded 2026/06/24 3:11 p.m.โ€ข9 views

Astra Linux โ€“ Vulnerability in Qemu

A flaw was discovered in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, resulting in uncontrolled memory allocation. This can lead to a denial of service attack on the host system, causing the QEMU process to terminate...

5.5CVSS7.1AI score0.00137EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/06/18 6:7 a.m.โ€ข10 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Eclipse Netty and Eclipse Vert.x Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and...

10CVSS5.7AI score0.00606EPSS
Exploits1Affected Software1
OSV
OSV
โ€ขadded 2026/06/17 2:6 p.m.โ€ข8 views

GHSA-6PR9-RP53-2PMC vLLM: OOM Denial of Service via Audio Decompression Bomb

Summary vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to 14.9GB of float32 PCM at decode time. Tested on vLLM v0.19.0. Details SpeechToTextProcessor rejects uploads over VLLMMAXAUDIOCLIPFILESIZEMB default 25MB based on...

6.5CVSS5.4AI score0.00243EPSS
Exploits0References9
CVE
CVE
โ€ขadded 2026/06/12 2:52 p.m.โ€ข59 views

CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References7Affected Software1
OSV
OSV
โ€ขadded 2026/06/12 2:52 p.m.โ€ข5 views

CVE-2026-50011 Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS7AI score0.0038EPSS
Exploits0References9
SUSE Linux
SUSE Linux
โ€ขadded 2026/06/12 1:54 p.m.โ€ข27 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. CVE-2026-2243: incorrect bounds check leads to heap...

8.8CVSS6.7AI score0.00143EPSS
Exploits1References26
SUSE Linux
SUSE Linux
โ€ขadded 2026/06/12 1:52 p.m.โ€ข10 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files bsc1258509. CVE-2026-3195: heap buffer overflow when reading input audio in the virtio-snd device inp...

8.8CVSS7.4AI score0.00126EPSS
Exploits1References18
Rows per page
Query Builder