64 matches found
CVE-2026-35225
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections...
CVE-2026-35227
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...
CVE-2026-44579
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
PT-2026-39943
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components vulnerability discovered by ? in WordPress Npm next versions = 15.0.0, 15.5.16...
GHSA-MG66-MRH9-M8JX Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...
Astra Linux - уязвимость в jetty9
Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and becomes TCP congested may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the serve...
CVE-2026-31711 smb: server: fix active_num_conn leak on transport allocation failure
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix activenumconn leak on transport allocation failure Commit 77ffbcac4e56 "smb: server: fix leak of activenumconn in ksmbdtcpnewconnection" addressed the kthreadrun failure path. The earlier alloctransport == NULL...
CVE-2026-35225
Summary of CVE-2026-35225 (CODESYS EtherNet/IP adapter stack) : An unauthenticated remote attacker can exhaust all TCP connections, preventing legitimate clients from establishing new connections. Root cause cited in reports is improper timeout handling during connection management. Impact stated...
CVE-2026-35225 Improper timeout handling in CODESYS EtherNetIP
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections...
CVE-2026-40719
CVE-2026-40719 affects MaraDNS 3.5.0036, where the Deadwood component allows a remote attacker to exhaust connection slots by exploiting a zone whose authoritative nameserver address cannot be resolved. The issue impacts availability (CVE score 7.5, CVSS v3.1; network access, low complexity, no p...
CVE-2026-40719
Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...
CVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...
EUVD-2026-3621
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...
ChatterBot resource management error vulnerability
ChatterBot is a machine learning dialogue engine developed by Gunther Cox, the individual developer of this chatbot creation tool. Versions of ChatterBot 1.2.10 and earlier contained a resource management vulnerability, which was caused by improper management of database sessions and connection...
CVE-2026-21874
NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation wh...