CVE-2026-60081
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocat
CVSS
7.5
Alto
EPSS
0.6%
p46
KEV
—
Exploit Today
14
0-100
Publicado: 14 jul 2026 · Última mod.: 15 jul 2026 · CWE-770
0.2%EPSS · 30 días0.6%
2026-07-152026-07-17
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
- github.comhttps://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch
- github.comhttps://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4
- metacpan.orghttps://metacpan.org/release/HMBRAND/DBI-1.651/changes
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2026/07/14/14
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-217107.5 ALT97.8%
——29A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.
When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.
* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**3dCVE-2026-261307.5 ALT85.0%
——25Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.3dCVE-2026-489337.5 ALT84.9%
——25A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.2dCVE-2026-455917.5 ALT82.4%
——25Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.3dCVE-2021-366307.5 ALT80.5%
——24DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.9dCVE-2025-97847.5 ALT80.3%
——24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).18d