Lucene search
K

3463 matches found

NVD
NVD
added 2026/04/06 3:17 p.m.3 views

CVE-2026-31063

UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

4.5CVSS0.00235EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 12:0 a.m.16 views

CVE-2026-31065

CVE-2026-31065 affects UTT Aggressive 520W, v3v1.7.7-180627. A buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function is described, enabling a crafted input to cause a Denial of Service (DoS). No further exploit details or patch/version remediation are provided i...

4.5CVSS6.2AI score0.00229EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/04/02 4:45 p.m.24 views

CVE-2026-34826

CVE-2026-34826 affects Rack prior to 2.2.23, 3.1.21, and 3.2.6. Rack::Utils.get_byte_ranges does not cap the number of individual byte ranges in the HTTP Range header, allowing an attacker to send many small overlapping ranges that trigger disproportionate CPU, memory, I/O, and bandwidth usage in...

7.5CVSS6.5AI score0.0038EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 7:55 p.m.10 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7CVSS8.4AI score0.01125EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...

10CVSS7.1AI score0.99999EPSS
Exploits107References94
Cvelist
Cvelist
added 2026/03/26 1:24 p.m.23 views

CVE-2018-25215 Excel Password Recovery Professional 8.2.0.0 Local Buffer Overflow DoS

Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data...

6.8CVSS0.00176EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/03/26 9:46 a.m.3 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

10CVSS7AI score0.99999EPSS
Exploits107References100
Cvelist
Cvelist
added 2026/03/25 4:24 p.m.27 views

CVE-2026-26233 Denial of Service via HTTP/2 single packet attack on login endpoint

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

4.3CVSS0.00305EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:2 p.m.83 views

CVE-2026-20086

Cisco IOS XE Wireless Controller Software (Catalyst CW9800 Family) is affected by a DoS vulnerability in CAPWAP packet processing. An unauthenticated, remote attacker can send a malformed CAPWAP packet to trigger an unexpected device reload, resulting in service disruption. Root cause: improper h...

8.6CVSS5.9AI score0.00354EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 12:30 p.m.1 views

OPENSUSE-SU-2026:20413-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/24 11:27 a.m.21 views

CVE-2019-25642 Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules

Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...

8.8CVSS0.00267EPSS
Exploits0References3
Rosalinux
Rosalinux
added 2026/03/22 8:49 p.m.4 views

Advisory ROSA-SA-2026-3230

software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...

6.5CVSS6.8AI score0.00331EPSS
Exploits0
OSV
OSV
added 2026/03/20 2:43 a.m.6 views

CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

7.1CVSS6.3AI score0.00404EPSS
Exploits0References6
NVD
NVD
added 2026/03/18 8:16 a.m.8 views

CVE-2026-22319

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...

4.9CVSS0.00339EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-30922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursio...

7.5CVSS6.8AI score0.00679EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/17 6:31 a.m.5 views

EUVD-2026-12534

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/16 5:33 p.m.2 views

SUSE CVE-2025-61154

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service DoS via the function decompressR2004section at decode.c...

6.5CVSS6AI score0.00218EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: pcs (UTSA-2026-006185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006185 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

7.5CVSS5.9AI score0.00667EPSS
Exploits0References4
OSV
OSV
added 2026/03/13 7:47 p.m.6 views

CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/12 4:45 p.m.23 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS0.00606EPSS
Exploits0References1
Rows per page
Query Builder