Vulnerabilities (CVE)

Filtered by CWE-770
Total 1802 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0241 1 Diaconou 1 Encodedid 2026-05-14 N/A 7.5 HIGH
encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.
CVE-2026-33812 1 Golang 1 Image 2026-05-13 N/A 6.1 MEDIUM
Parsing a malicious font file can cause excessive memory allocation.
CVE-2026-44577 1 Vercel 1 Next.js 2026-05-13 N/A 5.9 MEDIUM
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.
CVE-2026-40863 1 Phpoffice 1 Phpspreadsheet 2026-05-13 N/A 7.5 HIGH
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\Xml) does not validate the ss:Index row attribute against the maximum allowed row count (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a <Row> element, which inflates the internal cachedHighestRow to ~1 billion. Any subsequent call to getRowIterator() without an explicit end row will attempt to iterate ~1 billion rows, causing CPU exhaustion and denial of service. This vulnerability is fixed in 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0.
CVE-2026-44219 2026-05-13 N/A 3.7 LOW
ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev (or a successful TLS MITM) could return a multi-GB response, exhausting the ciguard process's memory. This vulnerability is fixed in 0.8.2.
CVE-2026-41227 2026-05-13 N/A 7.5 HIGH
On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-40423 2026-05-13 N/A 7.5 HIGH
When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-40629 2026-05-13 N/A 7.5 HIGH
When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-44931 2026-05-13 N/A N/A
The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd.
CVE-2026-39820 1 Golang 1 Go 2026-05-13 N/A 7.5 HIGH
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
CVE-2017-5835 1 Libimobiledevice 1 Libplist 2026-05-13 5.0 MEDIUM 7.5 HIGH
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
CVE-2017-9039 1 Gnu 1 Binutils 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
CVE-2017-1227 1 Ibm 1 Bigfix Platform 2026-05-13 7.8 HIGH 7.5 HIGH
IBM Tivoli Endpoint Manager could allow an unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.
CVE-2017-5850 1 Openbsd 1 Openbsd 2026-05-13 7.8 HIGH 7.5 HIGH
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
CVE-2017-12432 1 Imagemagick 1 Imagemagick 2026-05-13 7.1 HIGH 6.5 MEDIUM
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CVE-2017-0771 1 Google 1 Android 2026-05-13 7.1 HIGH 5.5 MEDIUM
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
CVE-2017-0725 1 Google 1 Android 2026-05-13 4.3 MEDIUM 5.5 MEDIUM
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.
CVE-2017-12875 1 Imagemagick 1 Imagemagick 2026-05-13 7.1 HIGH 6.5 MEDIUM
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVE-2017-6713 1 Cisco 1 Elastic Services Controller 2026-05-13 10.0 HIGH 9.8 CRITICAL
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.
CVE-2017-12563 1 Imagemagick 1 Imagemagick 2026-05-13 7.1 HIGH 6.5 MEDIUM
In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.