3462 matches found
CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-28395
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...
CVE-2026-29074
CVE-2026-29074 affects SVGO (SVG Optimizer), a Node.js library/CLI for optimizing SVGs. Versions 2.1.0–before 2.8.1, 3.0.0–before 3.3.3, and before 4.0.1 accept XML with custom entities without guards against entity expansion/recursion, enabling DoS via entity expansion that can stall or crash th...
Cisco Nexus 3600 9500-R Series Switching Platforms Layer 2 Loop DoS (cisco-sa-nxos-ether-dos-Kv8YNWZ4)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated,...
RHEL 10 : grafana (RHSA-2026:3831)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3831 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509:...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
PT-2026-23024
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: brotli (UTSA-2026-005387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005387 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...
CVE-2026-1876 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition on the products by continuously sending UDP packets to the products. A...
Security update 5.1.2 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header paramete...
SUSE-SU-2026:0623-1 Security update for python-tornado
This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...
Linux Distros Unpatched Vulnerability : CVE-2025-14905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This...
CLSA-2026-1771248733 Fix CVE(s): CVE-2025-68618, CVE-2025-69204
SECURITY UPDATE: Malicious SVG file resulted in a DoS attack - debian/patches/CVE-2025-68618.patch: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-68618 SECURITY UPDATE: WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow a...
CVE-2025-1924
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...
CVE-2025-54147
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
PT-2026-7545
Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service DoS attack. The issue is a NULL pointer dereference...
CVE-2026-0958
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...
Important: Red Hat Security Advisory: brotli security update
An update for brotli is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16480)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16480 advisory. - Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30....