261 matches found

NVD
added 2026/04/10 7:16 p.m. | 2 views

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

CVSS 6.5 | EPSS 0.00054
Exploits 1 | References 1
Cvelist
added 2026/04/10 7:09 p.m. | 16 views

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

CVSS 6.5 | EPSS 0.00054
Exploits 1 | References 1
CVE
added 2026/04/10 7:09 p.m. | 3 views

CVE-2026-27460

The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...

CVSS 6.5 | AI score 5.8 | EPSS 0.00054
Exploits 1 | References 1 | Affected Software 1
Positive Technologies
added 2026/04/10 12:00 a.m. | 2 views

PT-2026-32018

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 2.6.5. Description: Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to version 2.6.5, a Denial of Service (DoS) issue exists in the recipe import...

CVSS 6.5 | AI score 5.8 | EPSS 0.00054
Exploits 1 | References 4
SUSE CVE
added 2026/03/28 12:25 a.m. | 2 views

SUSE CVE-2026-33481

Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 4
Cvelist
added 2026/03/26 4:21 p.m. | 20 views

CVE-2026-3114 Zip Bomb Denial of Service via Unrestricted Archive Decompression

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction, which allows authenticated users with file upload permissions to cause a denial of service via crafted zip archives containing highly...

CVSS 6.5 | EPSS 0.00017
Exploits 0 | References 1
Positive Technologies
added 2026/03/20 12:00 a.m. | 3 views

PT-2026-26768

Name of the Vulnerable Software and Affected Versions: Syft versions prior to 1.42.3. Description: Syft did not properly remove temporary files if temporary storage became full during a scan. This occurred when unpacking archives, specifically with large or highly compressed archives. The issue caus...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 8
Github Security Blog
added 2026/03/13 8:56 p.m. | 10 views

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry

Summary: A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00079
Exploits 1 | References 6 | Affected Software 1
OSV
added 2026/03/10 4:05 p.m. | 3 views

SUSE-SU-2026:0859-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...

CVSS 8.7 | AI score 7.1 | EPSS 0.0007
Exploits 0 | References 16
SUSE Linux
added 2026/03/10 12:39 p.m. | 3 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...

CVSS 8.7 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 28
OSV
added 2026/03/10 12:38 p.m. | 0 views

SUSE-SU-2026:0858-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...

CVSS 8.7 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 15
RedHat Linux
added 2026/03/06 4:36 p.m. | 1 view

aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

A decompression-based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 6
RedHat Linux
added 2026/03/06 11:00 a.m. | 3 views

aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

A decompression-based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 6
Cvelist
added 2026/03/06 2:48 a.m. | 23 views

CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVSS 6.5 | EPSS 0.00062
Exploits 0 | References 2
CVE
added 2026/03/06 2:48 a.m. | 8 views

CVE-2026-25962

MarkUs (web application for student submissions and grading) is vulnerable prior to version 2.9.4 due to zip extraction without size or entry-count limits. This can allow a DoS via crafted zip uploads (e.g., for configuration or submissions). The issue is patched in version 2.9.4. If exploiting, ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/06 2:48 a.m. | 2 views

CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVSS 6.5 | AI score 5.7 | EPSS 0.00062
Exploits 0 | References 2
OSV
added 2026/03/06 2:48 a.m. | 2 views

CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVSS 6.5 | AI score 5.7 | EPSS 0.00062
Exploits 0 | References 4
Tenable Nessus
added 2026/03/06 12:00 a.m. | 6 views

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:3958)

The remote Red Hat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3958 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 8.2 | AI score 7.3 | EPSS 0.06568
Exploits 4 | References 33
OSV
added 2026/02/26 3:20 p.m. | 4 views

GHSA-24P2-J2JR-386W psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary: A security review of the psdtools.compression module (conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5) identified the following pre-existing issues. The two findings introduced and fixed by those commits, Cython buffer overflow, IndexError on lone repeat...

CVSS 8.8 | AI score 5.8 | EPSS 0.00076
Exploits 1 | References 5
OSV
added 2026/02/25 11:07 p.m. | 2 views

GO-2026-4548 Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver

Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver...

AI score 5.4
Exploits 0 | References 3