Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-53433 1 Fzf 1 Fzf 2026-07-01 7.5 High
fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage during request handling.This allows a single malicious request to monopolize the single‑threaded HTTP server, blocking all other clients and resulting in denial of service. This issue was fixed in version 0.73.1.
CVE-2026-23955 2 Everest, Linuxfoundation 2 Everest-core, Everest 2026-04-18 4.2 Medium
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue.
CVE-2025-61724 1 Golang 2 Go, Net 2026-01-29 5.3 Medium
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.