
8 matches found

ATTACKERKB
added 4 days ago, 4 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

CVSS 8.6 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/03/13 12:0 a.m., 3 views

PT-2026-25388

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...

CVSS 6.8 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 6

OSV
added 2026/01/22 1:53 a.m., 3 views

CVE-2026-23963 Mastodon missing length limits on list names, filter names, and filter keywords

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...

CVSS 4.3 | AI score 5.5 | EPSS 0.00109
Exploits: 0 | References: 6

UbuntuCve
added 2026/01/02 9:16 p.m., 5 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

CVSS 7.5 | AI score 5.9 | EPSS 0.00028
Exploits: 1 | References: 4

RedHat Linux
added 2025/04/23 10:34 a.m., 2 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00315
Exploits: 0 | References: 5

OSV
added 2016/08/07 9:59 p.m., 2 views

DEBIAN-CVE-2016-6515

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string...

CVSS 7.5 | AI score 6.9 | EPSS 0.77091
Exploits: 5 | References: 1

OSV
added 2016/08/07 9:59 p.m., 1 view

ALPINE-CVE-2016-6515

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string...

CVSS 7.5 | AI score 6.9 | EPSS 0.77091
Exploits: 5 | References: 1

OSV
added 2015/02/08 11:59 a.m., 1 view

DEBIAN-CVE-2014-9667

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table...

CVSS 6.8 | AI score 7.7 | EPSS 0.01771
Exploits: 1 | References: 1