Lucene search
K

4059 matches found

Nuclei
Nuclei
added 14 hours ago18 views

Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption Billion Laughs attack, leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

7.5CVSS6.7AI score0.25939EPSS
Exploits2References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score
Exploits0References11
CVE
CVE
added yesterday5 views

CVE-2026-55175

Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...

7.5CVSS6.5AI score
Exploits0References11
CVE
CVE
added yesterday10 views

CVE-2026-44795

CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...

8.8CVSS6.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-59868

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6AI score0.00291EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-59870

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS5.9AI score0.00291EPSS
Exploits1References6
CVE
CVE
added 2 days ago14 views

CVE-2026-47826

The CVE-2026-47826 issue affects the BOSH CLI tool, specifically a blobs.yml path traversal flaw that enables an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions are all prior to v7.10.4. The vulnerability stems from how blobs.yml paths are resolved, enabl...

8.8CVSS7.3AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS0.00291EPSS
Exploits1References3
NVD
NVD
added 3 days ago8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits0References5
Debian CVE
Debian CVE
added 3 days ago4 views

CVE-2026-59868

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS6.5AI score0.00291EPSS
Exploits0
CVE
CVE
added 3 days ago7 views

CVE-2026-59868

Affected software : js-yaml (JavaScript YAML parser/dumper). Vulnerability : from 5.0.0 up to, but not including, 5.2.0, enabling merge keys can cause quadratic CPU time on parsing a document, when a chain of mappings uses merge keys where each mapping merges the previous one. Impact : consumes e...

5.3CVSS6AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS0.00291EPSS
Exploits0References3
Debian CVE
Debian CVE
added 3 days ago4 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS6AI score0.0035EPSS
Exploits0
CVE
CVE
added 3 days ago8 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0035EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-59870

CVE-2026-59870 affects js-yaml prior to 5.2.1. The YAML11_SCHEMA’s handling of the !!omap tag in omap.ts performs a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents. Red Hat and NVD entries confirm this results in CPU-inte...

7.5CVSS6AI score0.00291EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42300

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS6AI score0.00291EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0035EPSS
Exploits0References9
NVD
NVD
added 4 days ago10 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-42201

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder