CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48517

Name of the Vulnerable Software and Affected Versions s2n-quic versions prior to 1.8.2 Description Unbounded memory allocation in the CRYPTO frame reassembler allows an unauthenticated remote actor to cause a denial of service, resulting in degraded availability, by sending crafted QUIC Initial...

6.9CVSS5.3AI score0.00291EPSS

Exploits0References5

Snyk•added 2026/05/19 2:35 p.m.•11 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

9.2CVSS5.8AI score

EUVD•added 2026/05/13 9:32 p.m.•13 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•9 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017795 advisory. The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

7.5CVSS6.9AI score0.09438EPSS

OSV•added 2026/05/07 1:54 a.m.•5 views

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

7.5CVSS5.8AI score

CVE•added 2026/05/03 11:55 p.m.•15 views

CVE-2026-6948

CVE-2026-6948 affects Velociraptor servers prior to version 0.76.4, where the VQLResponse Result-Set Writer can allocate memory unboundedly in the agent control channel. A compromised Velociraptor client can trigger an Out-Of-Memory (OOM) condition, crashing the server by sending crafted messages...

4.9CVSS5.8AI score0.00344EPSS

Vulnrichment•added 2026/04/24 8:0 a.m.•2 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.2AI score0.00387EPSS

Snyk•added 2026/04/17 10:41 p.m.•1 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.8AI score0.00453EPSS

EUVD•added 2026/04/16 8:44 p.m.•2 views

EUVD-2026-23300

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport...

8.7CVSS5.8AI score0.00495EPSS

OSV•added 2026/04/16 8:44 p.m.•6 views

GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

8.7CVSS5.9AI score0.00495EPSS

CVE•added 2026/03/16 11:6 a.m.•25 views

CVE-2026-2456

Mattermost is affected by CVE-2026-2456 due to an unbounded memory allocation when handling responses from integration action endpoints. A authenticated attacker can cause server memory exhaustion and a denial of service by having a malicious integration server return an arbitrarily large respons...

5.7CVSS5.8AI score0.00165EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/11 8:16 p.m.•8 views

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS0.001EPSS

EUVD•added 2026/03/11 12:38 a.m.•3 views

EUVD-2026-11329

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing...

5.5CVSS5.8AI score0.001EPSS

Cvelist•added 2026/02/18 8:47 p.m.•19 views

CVE-2025-14876 Qemu-kvm: unbounded allocation in virtio-crypto

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service DoS on the host system by causing the QEMU process to terminate...

5.5CVSS0.00137EPSS

RedhatCVE•added 2026/02/04 3:15 a.m.•6 views

CVE-2025-58346

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/sendaddts write operation, leading to kernel...

5.5CVSS5.6AI score0.00107EPSS

RedhatCVE•added 2026/02/04 3:15 a.m.•3 views

CVE-2025-58345

5.5CVSS5.6AI score0.00107EPSS

RedhatCVE•added 2026/02/04 3:15 a.m.•3 views

CVE-2025-58347

5.5CVSS5.6AI score0.00136EPSS