Lucene search
K

822 matches found

CVE
CVE
added 2026/06/10 8:13 p.m.27 views

CVE-2026-10142

CVE-2026-10142 affects kafka-python prior to 2.3.2. The vulnerability resides in the protocol parser, where an attacker can send a crafted 4-byte frame length via receive_bytes() without bounds validation. This can cause a multi-gigabyte memory allocation or an uncaught ValueError, leaving the co...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/10 8:13 p.m.9 views

CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.3AI score0.00348EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/09 11:1 p.m.34 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:1 p.m.7 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-48170

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module task:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

5.5AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/05/31 9:8 a.m.7 views

Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError

Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...

5.3AI score
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/31 8:4 a.m.11 views

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

...

5.5CVSS5.4AI score0.00127EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:49 p.m.10 views

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/05/27 2:49 p.m.25 views

EUVD-2026-32538

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 4:16 a.m.10 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS0.00127EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 4:16 a.m.15 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 4:16 a.m.12 views

UBUNTU-CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 2:25 a.m.34 views

CVE-2025-15649

CVE-2025-15649 affects IO::Uncompress::Unzip in Perl, with the vulnerability present in versions before 2.215. The issue arises when parsing a ZIP header with a malformed DOS date, where _dosToUnixTime() decodes the local-file-header date and calls Time::Local::timelocal() without an eval guard, ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 2:25 a.m.9 views

EUVD-2025-209949

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.8AI score0.00127EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/27 2:25 a.m.8 views

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43482

Name of the Vulnerable Software and Affected Versions IO::Uncompress::Unzip versions prior to 2.215 Description An uncaught exception occurs when parsing a zip header containing a malformed DOS date. The function dosToUnixTime decodes the last-modification date field of the local-file-header and...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References18
Cvelist
Cvelist
added 2026/05/26 9:17 p.m.32 views

CVE-2026-43988 Vanetza: Remote Denial of Service via Uncaught Exception in ASN.1/OER Parsing

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

7.5CVSS0.00184EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 8:2 a.m.7 views

Uncaught Exception

Overview ts-deepmerge is an a deep merge function that automatically infers the return type based on your input, without mutating the source objects. Affected versions of this package are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as...

6.9CVSS5.5AI score0.00308EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/18 5:35 p.m.9 views

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder