Lucene search
+L

504 matches found

Cvelist
Cvelist
added yesterday14 views

CVE-2026-54463 websocket-driver: Memory exhaustion via abuse of protocol length headers

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an...

6.9CVSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-49855

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...

7.5CVSS6.1AI score0.00691EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/09 9:14 p.m.9 views

CVE-2026-39197

A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:50 p.m.8 views

CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

4.9CVSS6AI score0.00611EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22575-1 Security update for alloy

This update for alloy fixes the following issues: Update to version 1.17.0. Security issues fixed: - CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service bsc1267185. - CVE-2026-25681: golang.org/x/net/html: parsing...

10CVSS6.8AI score0.00533EPSS
Exploits5References37
NVD
NVD
added 2026/07/06 11:16 a.m.10 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 9:17 a.m.31 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.7 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 p.m.21 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:59 p.m.7 views

CVE-2026-57204 pypdf: Missing stream length values ignore defined limits

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS5.9AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 9:49 a.m.13 views

CVE-2026-53917

CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup free...

7.5CVSS6.2AI score0.00609EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 7:7 p.m.12 views

CVE-2026-53429

Affected software: mdex (0.11.0–0.12.3) and mdex_native (0.1.0–0.2.3). Root cause: native rendering path leaks memory by Box::leak of literal strings for each MDEx.EscapedTag node, with no cap on literal size or node count, causing unbounded memory growth per render and across renders. Trigger: r...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 6:52 p.m.26 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS0.00142EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:52 p.m.4 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS6.1AI score0.00142EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.4 views

Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

...

5.5CVSS6.1AI score0.00102EPSS
Exploits0
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS0.00094EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 8:17 p.m.10 views

CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

DEBIAN-CVE-2026-46602

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder