Lucene search
K

81 matches found

NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-6684

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS0.00205EPSS
Exploits2References4
EUVD
EUVD
added 2026/07/01 1:45 p.m.7 views

EUVD-2026-40994

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4
CVE
CVE
added 2026/07/01 1:45 p.m.29 views

CVE-2026-6684

CVE-2026-6684 affects FatFs prior to R0.16 when GPT scanning is used with FF_LBA64 = 1. The issue stems from an unbounded loop count derived from the GPT header field GPTH_PtNum, leading to extremely long or effectively infinite mount-time scans (CWE-835: Loop with Unreachable Exit Condition). Af...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/06/24 9:32 p.m.11 views

CVE-2026-10642

The CVE-2026-10642 issue affects the Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) where pl011_irq_tx_enable() can spin in an unbounded loop when CTS hardware flow control is enabled and CTS is de-asserted by the peer. This causes the TX interrupt to remain masked and the controller to s...

6.5CVSS5.9AI score0.00185EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:49 p.m.6 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.8AI score0.00161EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:49 p.m.5 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...

5.5CVSS6.4AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.36 views

PT-2026-49562

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...

8.2CVSS5.8AI score0.00161EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/29 7:58 p.m.38 views

CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS0.00378EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 5:33 p.m.9 views

GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 4:33 p.m.8 views

GHSA-W8J3-PQ8G-8M7W iskorotkov/avro: CPU Exhaustion in Decoder

CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration Summary The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...

8.7CVSS5.9AI score0.00378EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 3:33 p.m.5 views

GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue

Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...

6.5CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/05/04 7:16 p.m.19 views

CVE-2026-25863

Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...

8.7CVSS0.00435EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 6:29 p.m.6 views

CVE-2026-25863 Conditional Fields for Contact Form 7 < 2.7.3 DoS via Uncontrolled Resource Consumption

Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...

8.7CVSS5.9AI score0.00435EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 6:29 p.m.15 views

CVE-2026-25863

Vulnerability summary (CVE-2026-25863): The WordPress plugin “Conditional Fields for Contact Form 7” (CF7 Conditional Fields), affected up to version 2.6.7, contains an uncontrolled resource consumption issue in Wpcf7cfMailParser.hide_hidden_mail_fields_regex_callback(). The method reads an itera...

8.7CVSS5.9AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.16 views

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...

8.7CVSS5.9AI score0.00435EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 11:5 p.m.6 views

MGASA-2026-0076 Updated zlib packages fix security vulnerability

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...

5.5CVSS5.8AI score0.00204EPSS
Exploits1References5
OSV
OSV
added 2026/03/09 3:15 p.m.2 views

DEBIAN-CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

6.2CVSS4.8AI score0.00152EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/03/09 12:0 a.m.6 views

CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

6.2CVSS5.9AI score0.00152EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/07 12:27 a.m.5 views

SUSE CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...

5CVSS5.8AI score0.00126EPSS
Exploits0References3
Rows per page
Query Builder