514976 matches found
CVE-2026-56151
Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...
CVE-2026-56150
Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...
CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-56148
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...
CVE-2026-49087
Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...
CVE-2026-20244
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...
CVE-2026-20217
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...
CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...
CVE-2026-20216
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...
CVE-2026-20214
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...
CVE-2026-49090
Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...
CVE-2026-54428
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...
CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
EUVD-2026-41094
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-49087
Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...
EUVD-2026-41088
Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...
CVE-2026-20243
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...
EUVD-2026-41086
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...
CVE-2026-56151 Improper Input Validation in Kibana Leading to Denial of Service
Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...