Lucene search
K

38423 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 8:6 p.m.1 views

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

6.5CVSS6.3AI score0.00582EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/03/26 8:6 p.m.2 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:52 p.m.10 views

CVE-2026-33535

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

4CVSS5.8AI score0.00141EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 7:52 p.m.24 views

CVE-2026-33535 ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

4CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 7:52 p.m.53 views

CVE-2026-33535

CVE-2026-33535 affects ImageMagick. The issue is an out-of-bounds write of a zero byte in the X11 display interaction path, leading to a crash. Affected releases include pre-patch versions 7.1.2-17/7.1.2-18? and 6.9.13-42/6.9.13-43 according to sources; the advisory notes that versions 7.1.2-18 a...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/26 7:50 p.m.6 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by unknown CVE via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: unknown CVE Source advisory: OSV:GHSA-48VW-M3QC-WR99...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/26 7:17 p.m.2 views

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 7:17 p.m.3 views

DEBIAN-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.3AI score0.00791EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/26 7:17 p.m.2 views

CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 7:17 p.m.5 views

UBUNTU-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 7:7 p.m.23 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS0.00513EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 7:7 p.m.29 views

CVE-2026-33152

Summary: Tandoor Recipes before 2.6.0 configures Django REST Framework with BasicAuthentication as a default, while rate limiting (ACCOUNT_RATE_LIMITS: login: 5/m/ip) applies only to the HTML login endpoint at /accounts/login/. This means any API endpoint that accepts authenticated requests can b...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 7:7 p.m.4 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:4 p.m.2 views

CVE-2026-33148

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC USDA FoodData Central search endpoint constructs an upstream API URL by directly interpolating the user-supplied query parameter into the URL string without...

6.5CVSS5.8AI score0.00467EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/26 7:3 p.m.7 views

CVE-2026-29055

CVE-2026-29055 affects Tandoor Recipes: in versions prior to 2.6.0, the image processing pipeline did not strip EXIF data, rescale, or validate sizes for WebP and GIF uploads, allowing sensitive EXIF metadata (GPS coordinates, camera model, timestamps, software) to be stored and served to all vie...

5.3CVSS5.9AI score0.00306EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/26 6:59 p.m.24 views

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS0.00791EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/26 6:49 p.m.37 views

Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Summary A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of CONTINUATION frames, combined with a bypass of existing size-based mitigations using zero-byte frames, allows an user to...

8.7CVSS5.9AI score0.01125EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 6:29 p.m.9 views

brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Impact A brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References12Affected Software1
Snyk
Snyk
added 2026/03/26 6:29 p.m.3 views

Infinite loop

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by supplyin...

7.1CVSS5.9AI score0.0043EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:29 p.m.2 views

GHSA-F886-M6HF-6M8V brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Impact A brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References12
Rows per page
Query Builder