Lucene search
+L

1171 matches found

osv
osv
added 2 days ago2 views

OPENSUSE-SU-2026:21339-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-59922: quadratic-time parsing on long runs of some markers in formatting.py can lead to DoS bsc1271117. - CVE-2026-59923: HTMLRenderer.safeurl does not block percent-encoded javascript URIs and allows for XSS bsc1271119. -...

7.5CVSS6.3AI score0.00366EPSS
Exploits8References19
ibm
ibm
added 2026/07/08 11:22 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Denial of Service vulnerability due to pyasn1

Summary pyasn1 is used by IBM Cloud Pak for Data System 1.0 as a generic ASN.1 encoding and decoding library for Python applications. CVE-2026-30922 affects pyasn1's ASN.1 decoder, where processing of crafted payloads containing deeply nested SEQUENCE or SET tags with indefinite length markers...

7.5CVSS6.8AI score0.00803EPSS
Exploits1Affected Software1
osv
osv
added 2026/07/06 5:48 a.m.4 views

BIT-ELASTICSEARCH-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS6AI score0.00347EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/02 10:12 a.m.17 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/02 12:0 a.m.6 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

5.8AI score0.00451EPSS
Exploits0References4
cve
cve
added 2026/07/02 12:0 a.m.15 views

CVE-2026-38970

The provided data confirms a concrete vulnerability in pdfcpu

7.5CVSS5.8AI score0.00451EPSS
Exploits0References3
osv
osv
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

7.5CVSS5.9AI score0.00451EPSS
Exploits0References5
nvd
nvd
added 2026/07/01 5:16 p.m.7 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00347EPSS
Exploits0References1
osv
osv
added 2026/07/01 5:16 p.m.5 views

UBUNTU-CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/01 4:17 p.m.38 views

CVE-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00347EPSS
Exploits0References1
euvd
euvd
added 2026/07/01 4:17 p.m.9 views

EUVD-2026-41065

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 4:17 p.m.6 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/07/01 4:17 p.m.58 views

CVE-2026-56148

CVE-2026-56148 — Elasticsearch Uncontrolled Recursion (DoS) Affected software: Elasticsearch (8.x and 9.x lines). What is vulnerable: Uncontrolled recursion in query processing that can cause excessive resource consumption, leading to denial of service on a node. Exposed to authenticated users wi...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/01 4:17 p.m.4 views

CVE-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS6AI score0.00347EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.8 views

PT-2026-54863

Name of the Vulnerable Software and Affected Versions Elasticsearch versions prior to 8.19.17 Elasticsearch versions prior to 9.3.6 Elasticsearch versions prior to 9.4.3 Description An authenticated user can trigger a denial of service by submitting a specially crafted query. This occurs due to...

6.5CVSS5.7AI score0.00347EPSS
Exploits0References5
redhat
redhat
added 2026/06/30 9:4 a.m.2 views

postgresql: PostgreSQL: Denial of Service via uncontrolled recursion in SSL/GSS negotiation

A flaw was found in PostgreSQL. Uncontrolled recursion during SSL Secure Sockets Layer and GSS Generic Security Service negotiation allows an attacker to achieve a sustained denial of service. This can be exploited by an attacker with access to a PostgreSQL AFUNIX socket. If SSL and GSS are both...

7.5CVSS6AI score0.00471EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/29 7:10 p.m.6 views

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References5Affected Software2
cvelist
cvelist
added 2026/06/29 7:10 p.m.28 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
osv
osv
added 2026/06/29 7:10 p.m.5 views

EEF-CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Summary Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, ex\document\to\comrak\ast and...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References5
osv
osv
added 2026/06/29 7:10 p.m.4 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS6AI score0.00168EPSS
Exploits0References10
Rows per page
Query Builder