7682 matches found
CVE-2026-50525
A flaw was found in .NET where uncontrolled allocation of resources can lead to a Denial of Service DoS. An unauthorized remote attacker could exploit this vulnerability by continuously requesting resources without limits or throttling, causing the affected system to become unresponsive or crash...
EUVD-2026-45108
OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...
The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by sending a specially crafted HTTP request...
PT-2026-60781
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...
CVE-2026-57896
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...
CVE-2026-57896
The CVE-2026-57896 relates to an out-of-bounds read in AutomationDirect Productivity Suite exploitable via a crafted IOCTL request from a local attacker, potentially causing kernel memory corruption with information disclosure and disruption. Affected component/behavior is the Productivity Suite’...
CVE-2026-57896
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...
EUVD-2026-45035
An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...
Vulnerability of the DOM component: Core and HTML browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allowing attackers to cause service failures.
The vulnerability of the DOM component: The Core and HTML browsers of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable because they allow memory to be used after it is released. Exploiting this vulnerability could enable a malicious actor to cause service interruption...
CVE-2026-15685
A flaw was found in Ollama. This vulnerability allows remote attackers to create a denial-of-service DoS condition on affected installations. The issue occurs within the downloadBlob function due to improper validation of user-supplied data, which can lead to memory access beyond the bounds of an...
CVE-2026-49445
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...
CVE-2026-49445
Cilium CVE-2026-49445 : When L7 is enabled, embedded or standalone Envoy creates a world-accessible admin.sock on cluster nodes, enabling a local attacker to access Envoy admin endpoints, potentially expose TLS secrets, disrupt traffic, or terminate Envoy. Affected are Cilium releases prior to 1....
CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...
CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...
CVE-2026-8919
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-8919
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-8919
CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...
The vulnerability of the Open Asset Import Library’s 3D model import library (Assimp) lies in buffer overflows in dynamic memory, allowing attackers to execute arbitrary code and cause system failures.
The vulnerability of the Open Asset Import Library Assimp, a library for importing 3D models, is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service interruptions...
Azure Active Directory Denial of Service Vulnerability
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network...
CVE-2026-51537
A flaw was found in OpENer. An out-of-bounds read vulnerability exists in the Connection Manager when processing malformed ForwardOpen requests. A remote attacker can send a specially crafted Ethernet/IP ENIP frame with an insufficient Common Industrial Protocol CIP ForwardOpen/LargeForwardOpen...