Lucene search
+L
VulnrichmentRecent

163890 matches found

Vulnrichment
Vulnrichment
•added 2026/06/11 5:2 a.m.•11 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/11 2:25 a.m.•12 views

CVE-2026-35273

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

9.8CVSS5.5AI score0.9233EPSS
Exploits3References1
Vulnrichment
Vulnrichment
•added 2026/06/11 1:27 a.m.•9 views

CVE-2026-2827 Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oumlocationnotification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS5.7AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/11 12:0 a.m.•10 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

6.3AI score0.00329EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:29 p.m.•7 views

CVE-2026-47342 Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue...

5.2AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:23 p.m.•8 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajaxlookup endpoint in application.py bypasses the isaccessible access control check that all other endpoints enforce. If a developer restricts model access by overriding isaccessible, an authenticated user...

4.3CVSS5.4AI score0.00279EPSS
Exploits1References4
Vulnrichment
Vulnrichment
•added 2026/06/10 10:23 p.m.•9 views

CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

5.5AI score0.00657EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:20 p.m.•11 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/10 10:20 p.m.•9 views

CVE-2026-46703 BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...

9.6CVSS6.3AI score0.00482EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:20 p.m.•8 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:15 p.m.•8 views

CVE-2026-42568 Yamcs Vulnerable to LDAP Injection in LdapAuthModule

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS5.4AI score0.01027EPSS
Exploits3References3
Vulnrichment
Vulnrichment
•added 2026/06/10 10:13 p.m.•8 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:11 p.m.•9 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS5.4AI score0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:11 p.m.•10 views

CVE-2026-47734 Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS5.4AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 10:7 p.m.•9 views

CVE-2026-53465 ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25...

6.2CVSS5.6AI score0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:7 p.m.•8 views

CVE-2026-53464 ImageMagick: Memory Leak in wand option parser when providing invalid arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25...

4CVSS5.3AI score0.0011EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:5 p.m.•9 views

CVE-2026-53463 ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...

4.3CVSS5.4AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:4 p.m.•8 views

CVE-2026-53462 ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-...

5.9CVSS5.3AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:3 p.m.•9 views

CVE-2026-53461 ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and...

7.5CVSS5.4AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:2 p.m.•8 views

CVE-2026-53460 ImageMagick: Policy Bypass can trigger out-of-Memory condition

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 a...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 10:1 p.m.•10 views

CVE-2026-47712 Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/10 10:0 p.m.•11 views

CVE-2026-49219 ImageMagick: Policy Bypass can read disallowed files

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

5.5CVSS5.4AI score0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:59 p.m.•7 views

CVE-2026-49218 ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:58 p.m.•7 views

CVE-2026-48994 ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48...

5.9CVSS5.6AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:55 p.m.•9 views

CVE-2026-48734 ImageMagick: Stack Overflow in MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

5.5CVSS5.4AI score0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:55 p.m.•8 views

CVE-2026-42305 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...

8.8CVSS6.5AI score0.00635EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/10 9:54 p.m.•10 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:53 p.m.•10 views

CVE-2026-48733 ImageMagick: Infinite Loop in subimage-search with crafted image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

4.7CVSS5.4AI score0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:52 p.m.•9 views

CVE-2026-48724 ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:51 p.m.•9 views

CVE-2026-47166 ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...

5.7CVSS5.6AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:50 p.m.•7 views

CVE-2026-47165 ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS5.4AI score0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:47 p.m.•8 views

CVE-2026-46693 ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue ha...

4.1CVSS5.3AI score0.00077EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:47 p.m.•9 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/10 9:46 p.m.•10 views

CVE-2026-46692 ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS5.5AI score0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:45 p.m.•8 views

CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS5.5AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:44 p.m.•4 views

CVE-2026-46557 ImageMagick: Stack overflow in fx operation

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:40 p.m.•8 views

CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS5.3AI score0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:31 p.m.•9 views

CVE-2026-46520 ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23...

7.5CVSS5.3AI score0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:30 p.m.•8 views

CVE-2026-45664 ImageMagick: Policy Bypass in MNG coder could

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

5.3CVSS5.3AI score0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:30 p.m.•9 views

CVE-2026-46522 ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS5.4AI score0.01849EPSS
Exploits4References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:29 p.m.•5 views

CVE-2026-45624 ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

5.1CVSS5.7AI score0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:26 p.m.•9 views

CVE-2026-45359 ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

5.7CVSS5.5AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:26 p.m.•11 views

CVE-2026-45358 ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...

5.3CVSS5.3AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:25 p.m.•9 views

CVE-2026-42326 ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS5.3AI score0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:25 p.m.•10 views

CVE-2026-45031 ImageMagick: Policy Bypass in PSD decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would...

5.3CVSS5.3AI score0.00495EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:22 p.m.•9 views

CVE-2026-2049 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.7AI score0.00615EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/10 9:22 p.m.•16 views

CVE-2026-46523 ImageMagick: Use-After-Free in MSL decoder.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

6.2CVSS5.8AI score0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:18 p.m.•8 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00432EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/10 9:9 p.m.•8 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/10 9:8 p.m.•10 views

CVE-2026-46679 libp2p: Memory DoS via subscription flood of unique topics

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References1
Total number of security vulnerabilities163890