113 matches found

OSV
added 2 days ago, 2 views

GHSA-W7VC-732C-9M39 PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

Note: Practical impact depends on whether request body-size limits are enforced upstream (proxy/web-server/framework). Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...

CVSS 5.3 | AI score 5.6 | EPSS 0.0025
Exploits: 1 | References: 4

RedhatCVE
added 4 days ago, 7 views

CVE-2026-44894

A flaw was found in Netty, specifically within the netty-codec-classes-quic component's NoQuicTokenHandler. A remote attacker can exploit this vulnerability by sending an Initial packet with any non-empty token bytes and a spoofed victim's IP address. This improper token validation causes the Net...

CVSS 7.5 | AI score 5 | EPSS 0.00232
Exploits: 0 | References: 5

Cvelist
added 5 days ago, 24 views

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false (server will not send Retry — acceptable), but validateToken...

CVSS 7.5 | EPSS 0.00232
Exploits: 0 | References: 2

Snyk
added 2026/06/08 10:59 p.m., 4 views

Improper Verification of Source of a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper validation in the validateToken function. An attacker can cause the server to treat unvalidated client addresses as validated by supplying any non-empty token...

CVSS 8.7 | AI score 5.5 | EPSS 0.00232
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/08 12:0 a.m., 7 views

PT-2026-47605

Name of the Vulnerable Software and Affected Versions: Netty ionettyincubatorcodecquic (affected versions not specified). Description: The NoQuicTokenHandler component fails to properly validate tokens when no specific token handler is set by the application. Specifically, the validateToken function...

CVSS 7.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0 | References: 6

OSV
added 2026/05/05 9:17 p.m., 1 views

GHSA-3QPQ-R242-JQJ7 phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

Impact: Anyone loading untrusted ASN1 files (e.g. X509 certificates, RSA PKCS8 private or public keys, etc.). Patches: https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc Workarounds: No. References...

CVSS 7.5 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 4

EUVD
added 2026/04/26 2:48 a.m., 2 views

EUVD-2026-25688

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation...

CVSS 7.2 | AI score 5.2 | EPSS 0.00207
Exploits: 0 | References: 1

CVE
added 2026/04/26 2:48 a.m., 13 views

CVE-2026-42255

Technitium DNS Server shows a vulnerability in versions before 15.0: DNS traffic amplification via cyclic name server delegation. The CVE-2026-42255 entry documents this issue (CVSS v3.1 base score 7.2, HIGH) with network-attack potential and no user interaction. Affected component is the DNS ser...

CVSS 7.2 | AI score 5.2 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/07 12:0 a.m., 2 views

PT-2026-31016

Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go versions 1.36.0 through 1.40.0. Description: The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...

CVSS 7.5 | AI score 6 | EPSS 0.00329
Exploits: 1 | References: 9

Tenable Nessus
added 2026/03/12 12:0 a.m., 2 views

Fedora 44 : libmaxminddb (2026-814fe58971)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814fe58971 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDB_get_entry_data_list now validates that the claimed array/map size is...

AI score 6.1
Exploits: 0 | References: 1

Ubuntu
added 2026/01/08 12:59 p.m., 15 views

USN-7047-1: libvirt vulnerabilities

It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. (CVE-2025-12748) It was discovered that libvirt incorrectly handled permissions on external...

CVSS 5.5 | AI score 5.3 | EPSS 0.00181
Exploits: 0

OSV
added 2025/12/20 5:42 p.m., 3 views

GHSA-83JG-M2PM-4JXJ Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

Summary: A Server-Side Request Forgery (SSRF) vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details: When Cowrie operates in emulated shell...

CVSS 8.3 | AI score 7.2 | EPSS 0.00616
Exploits: 1 | References: 9

OpenVAS
added 2025/11/25 12:0 a.m., 15 views

mDNS Service Amplification Attack (UDP) - Active Check

A publicly accessible service supporting the Multicast DNS (mDNS) protocol can be exploited to participate in a Distributed Denial of Service (DDoS) attack. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...

AI score 6.9
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-10664

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.00914
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-4175

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.0426
Exploits: 0 | References: 14

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-34091

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00763
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-37389

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00514
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-46031

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00661
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/07 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-10995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found...

CVSS 7.5 | AI score 7.2 | EPSS 0.04372
Exploits: 0 | References: 2

OSV
added 2025/06/10 5:17 p.m., 5 views

GO-2025-3743 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns

CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns...

CVSS 7.5 | AI score 7.1 | EPSS 0.01132
Exploits: 0 | References: 5