Lucene search
K

276 matches found

RedhatCVE
RedhatCVE
added 2026/01/20 7:20 p.m.5 views

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

6.5CVSS5.6AI score0.00212EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/20 6:36 p.m.11 views

ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

7.5CVSS5.7AI score0.00494EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2026/01/19 7:48 p.m.2 views

Missing Release of Resource after Effective Lifetime

Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the getresponse function. An attacker can cause persistent service unavailability by making concurre...

8.7CVSS5.6AI score0.00494EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/01/19 12:8 p.m.3 views

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

5.9AI score0.00194EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.6 views

Pterodactyl Panel security vulnerabilities

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.0 contained security vulnerabilities. These vulnerabilities stemmed from resource limit verification occurring early in the request cycle and failing to lock down...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 8:4 p.m.5 views

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

8.7CVSS5.4AI score0.00465EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/16 4:20 p.m.5 views

CVE-2021-47752

AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the...

8.7CVSS7.3AI score0.00491EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.27 views

CVE-2021-47752 AWebServer GhostBuilding 18 - Denial of Service (DoS)

AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the...

8.7CVSS0.00491EPSS
Exploits1References3
CVE
CVE
added 2026/01/15 3:52 p.m.20 views

CVE-2021-47752

CVE-2021-47752 affects AWebServer GhostBuilding 18. The vulnerability is a denial-of-service condition that allows remote attackers to overwhelm the server by issuing multiple concurrent HTTP requests, potentially targeting endpoints such as /mysqladmin and crashing or rendering the service unres...

8.7CVSS6.9AI score0.00491EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.5 views

Sylkat AWebServer GhostBuilding security vulnerability

Sylkat AWebServer GhostBuilding is a built-in website building assistant module from Sylkat Corporation. Version 18 of Sylkat AWebServer GhostBuilding contains a security vulnerability. This vulnerability arises from the possibility of overloading the server when multiple concurrent HTTP requests...

8.7CVSS5.8AI score0.00491EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.4 views

CVE-2026-21697

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.9AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 11:15 p.m.10 views

CVE-2026-21697

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS0.00363EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/07 10:55 p.m.2 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...

8.2CVSS6.8AI score0.00363EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/07 10:29 p.m.8 views

EUVD-2026-1381

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.4AI score0.00363EPSS
Exploits0References3
CVE
CVE
added 2026/01/07 10:29 p.m.22 views

CVE-2026-21697

CVE-2026-21697 affects the Go HTTP client library axios4go. Prior to version 0.6.4, a race condition mutates the shared default http.Client configuration during request execution without synchronization, directly altering Transport, Timeout, and CheckRedirect. This can enable leakage of proxy con...

8.2CVSS6.5AI score0.00363EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 10:29 p.m.2 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.5AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/01/07 10:29 p.m.5 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.6AI score0.00363EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-2093

Name of the Vulnerable Software and Affected Versions axios4go versions prior to 0.6.4 Description axios4go is a Go HTTP client library affected by a race condition in its shared HTTP client configuration. The global defaultClient is modified during request execution without proper synchronizatio...

8.2CVSS6.9AI score0.00363EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/12/18 5:29 a.m.4 views

CVE-2025-47350 Use After Free in DSP Service

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application...

7.8CVSS6.7AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 11:4 p.m.6 views

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4CVSS6.9AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder