101 matches found

OSV
added 2026/01/28 6:51 p.m. (6 views)

CVE-2025-68659 Discourse has DoS vulnerability in username change endpoint

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

CVSS 4.3, AI score 5.9, EPSS 0.00219
Exploits 0, References 3
NVD
added 2026/01/08 3:15 p.m. (5 views)

CVE-2026-22028

Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

CVSS 9.2, EPSS 0.00227
Exploits 1, References 1
CVE
added 2026/01/08 2:16 p.m. (70 views)

CVE-2026-22028

CVE-2026-22028 affects Preact where a regression in 10.26.5 weakened JSON serialization protection, allowing JSON payloads to be mis-parsed as valid VNodes and potentially leading to HTML injection and script execution if CSP or other mitigations are not in place. Affected versions include 10.26....

CVSS 9.2, AI score 6.3, EPSS 0.00227
Exploits 1, References 1, Affected Software 1
OSV
added 2025/10/28 11:51 a.m. (5 views)

BIT-VAULT-2025-12044 Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5, AI score 6.5, EPSS 0.00517
Exploits 0, References 2
NVD
added 2025/10/27 12:15 a.m. (6 views)

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5, EPSS 0.00773
Exploits 0, References 3
Vulnrichment
added 2025/10/27 12:5 a.m. (3 views)

CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...

CVSS 7.5, AI score 6.5, EPSS 0.00773
Exploits 0, References 3
Debian CVE
added 2025/10/27 12:5 a.m. (7 views)

CVE-2025-11447

Removed by vendor...

CVSS 7.5, AI score 7.5, EPSS 0.00773
Exploits 0
Snyk
added 2025/10/23 9:31 p.m. (3 views)

Allocation of Resources Without Limits or Throttling

Overview: github.com/hashicorp/vault/http is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by...

CVSS 8.7, AI score 6.7, EPSS 0.00697
Exploits 0, References 2
Snyk
added 2025/10/23 9:31 p.m. (4 views)

Allocation of Resources Without Limits or Throttling

Overview: github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate...

CVSS 8.7, AI score 6.9, EPSS 0.00697
Exploits 0, References 2
OSV
added 2025/10/23 9:31 p.m. (4 views)

GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5, AI score 6.8, EPSS 0.00517
Exploits 0, References 5
Github Security Blog
added 2025/10/23 9:31 p.m. (13 views)

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5, AI score 6.8, EPSS 0.00517
Exploits 0, References 5, Affected Software 1
NVD
added 2025/10/23 8:15 p.m. (7 views)

CVE-2025-12044

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5, EPSS 0.00517
Exploits 0, References 1
Vulnrichment
added 2025/10/23 7:15 p.m. (2 views)

CVE-2025-12044 Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS 7.5, AI score 6.4, EPSS 0.00517
Exploits 0, References 1
CNNVD
added 2025/10/23 12:0 a.m. (4 views)

HashiCorp Vault Enterprise Security Vulnerability

HashiCorp Vault Enterprise is an enterprise information archiving platform from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise that stems from not applying rate limiting when processing JSON payloads, which could lead to a denial of service...

CVSS 7.5, AI score 8.8, EPSS 0.00517
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m. (6 views)

EUVD-2021-10128

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.00961
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m. (6 views)

EUVD-2021-10094

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00961
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m. (5 views)

EUVD-2022-7331

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.7, EPSS 0.44708
Exploits 0, References 8
EUVD
added 2025/10/03 8:7 p.m. (23 views)

EUVD-2022-45038

Malicious code in bioql PyPI...

CVSS 10, AI score 9.1, EPSS 0.01601
Exploits 0, References 3
Positive Technologies
added 2025/09/08 12:0 a.m. (3 views)

PT-2025-36648

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault...

CVSS 7.5, AI score 6.9, EPSS 0.00697
Exploits 0, References 6
OSV
added 2025/05/30 1:48 p.m. (5 views)

OESA-2025-1562 mod_security security update

This software is also called Modsec; it is an open-source web application firewall. It is designed for Apache HTTP Server. ModSecurity is commonly deployed to provide protections against generic classes of vulnerabilities. The install of this package is easy and you can read the README.TXT for more...

CVSS 7.5, AI score 6.6, EPSS 0.00586
Exploits 1, References 2