Lucene search
K

5672 matches found

NVD
NVD
added 2026/02/12 7:15 p.m.19 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS0.00366EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/12 3:28 p.m.20 views

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule

Summary An attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation does not enforce the draft-mandated limit of 1024 bytes on this field, allowing ...

7.5CVSS6.1AI score0.00413EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/12 8:45 a.m.10 views

BIT-NGINX-INGRESS-CONTROLLER-2026-24514 ingress-nginx Admission Controller denial of service

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5CVSS5.6AI score0.0046EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/02/12 12:38 a.m.5 views

SUSE CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.4AI score0.00638EPSS
Exploits1References15
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.8 views

webtransport-go 安全漏洞

webtransport-go is an open-source Go language library developed by quic-go. Versions of webtransport-go prior to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure to remove closed streams from the internal session mapping, which could lead to unlimited memo...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/11 9:57 a.m.13 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2026-24513, CVE-2026-1580, CVE-2026-24514, CVE-2026-24512)

Summary IBM Cloud Kubernetes Service is affected by multiple Kubernetes Ingress Controller security vulnerabilities. - A user with access to create or update Ingress objects can use the rules.http.paths.path Ingress field to inject configuration into nginx CVE-2026-24512 - The...

8.8CVSS5.6AI score0.00501EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/09 2:51 p.m.7 views

CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.4AI score0.00638EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/02/09 2:38 a.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability that stems from excessive CPU and memory consumption when processing specially crafted malicious certificates, whi...

5.3CVSS7.1AI score0.00638EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.15 views

SUSE CVE-2026-24514

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5CVSS5.4AI score0.0046EPSS
Exploits1References3
OSV
OSV
added 2026/02/06 12:41 a.m.26 views

CLEANSTART-2026-WK88787 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS8.1AI score0.0056EPSS
Exploits1References18
Veracode
Veracode
added 2026/02/05 9:30 a.m.6 views

Denial-of-Service (DoS)

llamaindex.core is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to uncontrolled memory consumption in SimpleDirectoryReader, where all files in a directory are loaded into memory before enforcing the numfileslimit, allowing large directories to exhaust memory and degrade or cra...

5.3CVSS5.5AI score0.0037EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.2 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3155 (ALAS-2026-3155)

The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3155 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program ...

5.3CVSS6.8AI score0.00533EPSS
Exploits0References6
CNVD
CNVD
added 2026/02/05 12:0 a.m.9 views

Google Go Denial of Service Vulnerability (CNVD-2026-10649)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from an unrestricted number of query parameters, which can be exploited by an attacker to cause excessive memory...

7.5CVSS5.7AI score0.01945EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.1 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1400)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1400 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

5.3CVSS6.7AI score0.00533EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:7 p.m.4 views

CVE-2025-1823

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources...

3.5CVSS5.6AI score0.00216EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/04 9:7 p.m.10 views

CVE-2025-1823

IBM Jazz Reporting Service (Lifecycle Query Engine) contains CVE-2025-1823: an authenticated user with host-network access can trigger a denial of service by sending a specially crafted SQL query that consumes excessive memory. Affected versions are IBM Jazz Reporting Service 7.1 and 7.0.3 (7.1iF...

3.5CVSS5.6AI score0.00216EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/04 8:16 p.m.20 views

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS0.00478EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

IBM Jazz Reporting Service 安全漏洞

The IBM Jazz Reporting Service JRS is a ready-to-use reporting component developed by the American multinational company IBM. This product includes functions such as report generation, data collection, and lifecycle queries. There is a security vulnerability in the IBM Jazz Reporting Service, whi...

3.5CVSS5.8AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

Melon 安全漏洞

Melon is a C-language code library developed by Niklaus Schen. Versions of Melon prior to 9df9292 contained security vulnerabilities. These vulnerabilities stemmed from the lack of a maximum length limit in the HTTP component, which could lead to denial-of-service attacks by consuming memory...

7.5CVSS5.9AI score0.00478EPSS
Exploits1References3
Rows per page
Query Builder