17 matches found

RedhatCVE
added 2026/06/05 7:34 p.m., 6 views

CVE-2026-49140

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

CVSS 5.3, AI score 5.5, EPSS 0.00268
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/01 7:54 p.m., 7 views

CVE-2026-49140

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

CVSS 5.3, AI score 5.8, EPSS 0.00268
Exploits: 0, References: 5

CNNVD
added 2026/06/01 12:00 a.m., 6 views

nanobot security vulnerability

Nanobot is a lightweight personal AI assistant open-sourced by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained a security vulnerability. This vulnerability stemmed from a denial-of-service issue in the media download processing routine of the Matrix channel. It could allow...

CVSS 5.3, AI score 5.4, EPSS 0.00268
Exploits: 0, References: 4

RedhatCVE
added 2026/03/27 5:09 p.m., 4 views

CVE-2025-55268

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVSS 5.3, AI score 5.9, EPSS 0.0027
Exploits: 0, References: 1

NVD
added 2026/03/26 1:16 p.m., 0 views

CVE-2025-55268

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVSS 5.3, EPSS 0.0027
Exploits: 0, References: 1

CVE
added 2026/03/26 1:00 p.m., 7 views

CVE-2025-55268

CVE-2025-55268 pertains to HCL Aftermarket DPC and describes a spamming vulnerability that allows an actor to generate excessive spam, potentially consuming server bandwidth and processing resources and leading to a Denial of Service. The available sources identify the affected product and the ge...

CVSS 5.3, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/26 1:00 p.m., 0 views

CVE-2025-55268 HCL Aftermarket DPC is affected by Spamming Vulnerability

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVSS 4.3, AI score 5.8, EPSS 0.0027
Exploits: 0, References: 1

Huntr
added 2025/10/03 6:25 p.m., 6 views

text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS

Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...

CVSS 7.5, AI score 7.2, EPSS 0.00607
Exploits: 0

Tenable Nessus
added 2024/03/22 12:00 a.m., 48 views

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

CVSS 7.5, AI score 7.2, EPSS 0.99999
Exploits: 19, References: 3

Tenable Nessus
added 2024/03/01 12:00 a.m., 40 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. - A vulnerability in the privateDecrypt API of the crypto library, allowed a covert timing side-channel during PKCS1 v1.5 padding...

CVSS 7.5, AI score 7, EPSS 0.03168
Exploits: 1, References: 13

UbuntuCve
added 2024/02/20 2:15 a.m., 33 views

CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVSS 7.5, AI score 6.9, EPSS 0.03168
Exploits: 0, References: 3

OSV
added 2024/02/20 2:15 a.m., 1 views

UBUNTU-CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVSS 7.5, AI score 7, EPSS 0.03168
Exploits: 0, References: 3

Hacker One
added 2023/10/30 9:18 p.m., 40 views

Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A vulnerability in Node.js HTTP servers was discovered that allowed denial of service (DoS) attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to re...

CVSS 7.5, AI score 7.5, EPSS 0.03168
Exploits: 0

CNNVD
added 2021/05/13 12:00 a.m., 4 views

Prosodical Thoughts Prosody authorization issue vulnerability

Prosodical Thoughts Prosody is an open source application from Prosodical Thoughts: a modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...

CVSS 5.3, AI score 5.7, EPSS 0.02169
Exploits: 0, References: 16

The Hacker News
added 2020/12/25 6:22 a.m., 1 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhe...

AI score 6
Exploits: 0

Citrix
added 2020/12/23 12:00 a.m., 2376 views

Threat Advisory - DTLS Amplification Distributed Denial of Service Attack on Citrix ADC and Citrix Gateway

Threat Information: Citrix is aware of a DDoS attack pattern impacting Citrix ADC and Citrix Gateway. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more...

AI score 6.9
Exploits: 0

CNVD
added 2017/11/13 12:00 a.m., 2 views

Joyent Node.js and URONode Denial of Service Vulnerability

Joyent Node.js is a set of Joyent's web application platform built on top of Google V8 JavaScript engine. URONode is a wireless node for Linux systems. A denial of service vulnerability exists in Joyent Node.js version 0.3.2 and URONode versions prior to 1.0.5r3. A remote attacker could exploit...

CVSS 6.8, AI score 6.7, EPSS 0.04976
Exploits: 0, References: 1