Lucene search
+L

443 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43140

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00593EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/02 10:45 p.m.16 views

CVE-2025-20370

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...

4.9CVSS6.6AI score0.00525EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/30 6:30 p.m.29 views

Finance.js vulnerable to DoS via the IRR function’s depth parameter

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS6.9AI score0.00496EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/30 12:0 a.m.2 views

CVE-2025-56571

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

6.5AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.4 views

PT-2025-40000

Name of the Vulnerable Software and Affected Versions Finance.js versions 4.1.0 Description A flaw exists in Finance.js version 4.1.0 that can lead to a Denial of Service DoS. This occurs due to improper handling of recursion/iteration limits within the IRR function’s depth parameter, potentially...

7.5CVSS6.5AI score0.00496EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2025/09/19 12:30 p.m.21 views

Grafana-Zabbix ReDoS vulnerability

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3CVSS6.8AI score0.00323EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/09/18 9:21 a.m.3 views

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS6AI score0.00271EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...

7.5CVSS7.2AI score0.00841EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/28 9:31 p.m.14 views

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

7.5CVSS6.8AI score0.00697EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/08/28 7:36 p.m.57 views

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

7.5CVSS0.00697EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-3283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all...

7.5CVSS7.2AI score0.01349EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/26 4:19 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application...

8.7CVSS7.1AI score0.00658EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/26 4:19 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

8.7CVSS6.8AI score0.00658EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which...

4.3CVSS5.1AI score0.02112EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/07/18 8:39 p.m.46 views

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

7AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/07/08 8:18 a.m.6 views

Regular Expression Denial Of Service (ReDoS)

fastapi-guard is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient regex pattern matching due to use of poorly optimized regular expressions that cause polynomial-time backtracking on crafted inputs, leading to high CPU usage and service...

7.5CVSS6.2AI score0.00422EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/06/24 12:26 a.m.8 views

Regular Expression Denial Of Service (ReDoS)

com.powsybl, powsybl-commons is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex handling causing excessive backtracking, which allows an attacker to trigger high CPU usage and potentially crash or slow down the system...

6.3CVSS7AI score0.0035EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.14 views

Amazon Linux 2 : jetty (ALAS-2025-2871)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...

7.8CVSS6.9AI score0.53861EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.5 views

CVE-2023-36810

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...

6.5CVSS6.6AI score0.00625EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.8 views

CVE-2022-1100

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user...

4.3CVSS6.4AI score0.00886EPSS
Exploits0References1
Rows per page
Query Builder