Lucene search
K

515526 matches found

NVD
NVD
added 1 hour ago2 views

CVE-2026-4249

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS
Exploits0References1
CVE
CVE
added 2 hours ago7 views

CVE-2026-4249

The CVE-2026-4249 affects multiple WSO2 products where the throttling event handling accepts unvalidated JSON payloads. The underlying issue is insufficient validation of the structure/content, enabling an unauthenticated remote attacker to inject malicious JSON that can cause a persistent denial...

8.6CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-4249 Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 hours ago4 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS7.5AI score0.00668EPSS
Exploits0References5
CVE
CVE
added 2 hours ago11 views

CVE-2026-44937

Summary: An unauthenticated webhook vulnerability in SUSE Rancher Fleet (versions prior to 0.15.2, 0.14 prior to 0.14.6, 0.13 prior to 0.13.11, 0.12 prior to 0.12.15) allows forging webhook requests via regex-based injection from unsanitized repository URL components, potentially enabling DoS or ...

8.3CVSS6AI score
Exploits0References1
CVE
CVE
added 3 hours ago4 views

CVE-2026-56810

CVE-2026-56810 affects mint: a memory-denial vulnerability in Mint.HTTP1.decode_body/5 where chunked HTTP response bodies are buffered in an unbounded data_buffer until the entire declared chunk length completes. The chunk size is parsed with no upper bound, enabling a remote attacker to send an ...

8.7CVSS6AI score
Exploits0References4
NVD
NVD
added 3 hours ago5 views

CVE-2026-9165

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS
Exploits0References2
CVE
CVE
added 3 hours ago3 views

CVE-2026-58226

CVE-2026-58226 affects the hpax component of elixir-mint. The vulnerability is in Elixir.HPAX.Types:decode_remaining_integer/3 , which decodes HPACK integers without an upper bound, allowing an unauthenticated attacker to trigger excessive CPU and transient memory via a small HTTP/2 header block....

8.7CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 3 hours ago3 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
EUVD
EUVD
added 4 hours ago6 views

EUVD-2026-41859

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score
Exploits0References2
CVE
CVE
added 4 hours ago7 views

CVE-2026-9165

Summary : A flaw in Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central allows unbounded GraphQL query depth on the authenticated GraphQL API, enabling a token-authenticated user to issue deeply nested queries that exhaust resources and cause a denial of service to the management pla...

7.7CVSS5.9AI score
Exploits0References2
CVE
CVE
added 4 hours ago5 views

CVE-2026-24012

CVE-2026-24012 concerns Apache IoTDB: an Uncontrolled Resource Consumption vulnerability where an interface allows extremely large time ranges with minimal aggregation intervals, forcing a DataNode to build an enormous in-memory result set, exhausting Java heap and crashing the DataNode process. ...

6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 7 hours ago6 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS5.9AI score0.00612EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 7 hours ago7 views

nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...

7.5CVSS5.9AI score0.00656EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago5 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS5.9AI score0.02445EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago6 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6AI score0.00287EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago2 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.6AI score0.00426EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago3 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.9AI score0.00141EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago2 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 7 hours ago3 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References5
Rows per page
Query Builder