443 matches found
EUVD-2024-43140
Malicious code in bioql PyPI...
CVE-2025-20370
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...
Finance.js vulnerable to DoS via the IRR function’s depth parameter
Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...
CVE-2025-56571
Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...
PT-2025-40000
Name of the Vulnerable Software and Affected Versions Finance.js versions 4.1.0 Description A flaw exists in Finance.js version 4.1.0 that can lead to a Denial of Service DoS. This occurs due to improper handling of recursion/iteration limits within the IRR function’s depth parameter, potentially...
Grafana-Zabbix ReDoS vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
Linux Distros Unpatched Vulnerability : CVE-2022-3639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
CVE-2025-6203 Vault unauthenticated denial of service through complex json payload
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
Linux Distros Unpatched Vulnerability : CVE-2022-3283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...
Linux Distros Unpatched Vulnerability : CVE-2020-13333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which...
@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...
Regular Expression Denial Of Service (ReDoS)
fastapi-guard is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regex pattern matching due to use of poorly optimized regular expressions that cause polynomial-time backtracking on crafted inputs, leading to high CPU usage and service...
Regular Expression Denial Of Service (ReDoS)
com.powsybl, powsybl-commons is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex handling causing excessive backtracking, which allows an attacker to trigger high CPU usage and potentially crash or slow down the system...
Amazon Linux 2 : jetty (ALAS-2025-2871)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...
CVE-2023-36810
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...
CVE-2022-1100
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user...