13124 matches found
SUSE CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
PT-2026-20908
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
go-ethereum 安全漏洞
go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.17.0 contained security vulnerabilities; these vulnerabilities allowed attackers to cause high memory usage by sending specially crafted P2P messages...
GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...
GHSA-689V-6XWF-5JF3 Go Ethereum affected by DoS via malicious p2p message
Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...
Go Ethereum affected by DoS via malicious p2p message
Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...
CVE-2019-25396
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
CVE-2019-25396
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
CVE-2019-25396 IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
Malicious code in questpro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be333f6f44c50eba4d7a7c11754e048bdc2ed092ae58cee1e88cb24225d4d151 When using the package, user's Discord tokens are silently exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-936 Malicious code in questpro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 be333f6f44c50eba4d7a7c11754e048bdc2ed092ae58cee1e88cb24225d4d151 When using the package, user's Discord tokens are silently exfiltrated. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount In iscsitdecconnusagecount, the function calls complete while holding the conn-connusagelock. As soon as complete is invoked, the waiter such as...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
CVE-2026-1452
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
AZL-78024 CVE-2026-27171 affecting package openjpeg2 2.3.1-12
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...