8 matches found
CVE-2026-26076
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
authentik 授权问题漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.10.4 and 2025.12.4 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility of bypassing authentication when using malformed...
CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...
CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...
GHSA-X6CR-MQ53-CC76 Emmett-Core: Unhandled CookieError Exception Causing Denial of Service
Summary The cookies property in emmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. Details Location: emmettcore/http/wrappers/init.py line 64...
PT-2026-7320
Name of the Vulnerable Software and Affected Versions Emmett versions prior to 1.3.11 Description The cookies property in emmett core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 error...
mod_auth_openidc: DoS when using `OIDCSessionType client-cookie` and manipulating cookies
A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. Missing input validation in the modauthopenidcsessionchunks cookie value can make the server vulnerable to a denial of service attack. This issue may allow a remote attacke...
NULL Pointer Dereference
Overview Selenium.WebDriver is a .NET bindings for the Selenium WebDriver API Affected versions of this package are vulnerable to NULL Pointer Dereference due to an insufficient check on CookieWndProc function. An attacker can cause the application to crash by sending specially crafted data that...