Lucene search
K

8 matches found

EUVD
EUVD
added 2026/04/09 12:31 a.m.15 views

EUVD-2026-20779

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

8.7CVSS6AI score0.00508EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/09 12:31 a.m.6 views

Duplicate Advisory: Unfurl's unbounded zlib decompression allows decompression bomb DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h5qv-qjv4-pc5m. This link is maintained to preserve external references. Original Description Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote...

8.7CVSS5.8AI score0.00508EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/09 12:31 a.m.13 views

GHSA-C3F2-QG8V-25Q2 Duplicate Advisory: Unfurl's unbounded zlib decompression allows decompression bomb DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h5qv-qjv4-pc5m. This link is maintained to preserve external references. Original Description Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote...

8.7CVSS5.8AI score0.00508EPSS
Exploits1References6
NVD
NVD
added 2026/04/08 10:16 p.m.3 views

CVE-2026-40036

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

8.7CVSS0.00508EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/08 9:35 p.m.7 views

CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

8.7CVSS5.8AI score0.00508EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/08 9:35 p.m.22 views

CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

8.7CVSS0.00508EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/04/08 9:35 p.m.8 views

CVE-2026-40036

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...

8.7CVSS5.8AI score0.00508EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.8 views

PT-2026-31471

Name of the Vulnerable Software and Affected Versions Unfurl versions prior to 2026.04 Description Unfurl contains a flaw in the parse compressed.py component due to unbounded zlib decompression. Remote attackers can leverage this to cause a denial of service. Specifically, attackers can send...

8.7CVSS6AI score0.00508EPSS
Exploits1References15
Rows per page
Query Builder