Lucene search
K

84 matches found

CVE
CVE
added yesterday5 views

CVE-2026-15711

The CVE describes a vulnerability in libsoup’s WebSocket frame parsing. The flaw stems from failing to validate length rules for WebSocket control frames as specified in RFC 6455 §5.5, allowing an oversized control frame to be sent by a remote, unauthenticated attacker. The parser does not termin...

7.5CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2026/07/01 9:17 p.m.15 views

CVE-2026-54712

OpenTelemetry Java Instrumentation prior to 2.27.0 is affected. The issue resides in the RMI context propagation payload reader, which limits the number of context entries but does not limit the aggregate size of strings read, allowing an attacker who can reach a network-reachable RMI endpoint to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 9:19 a.m.6 views

CVE-2026-53209

A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the hcisync component. This vulnerability occurs when the hciadvbcastannoucement function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 8:39 a.m.1 views

CVE-2026-53209 Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References9
CVE
CVE
added 2026/06/22 4:31 p.m.77 views

CVE-2026-42127

CVE-2026-42127 is a Grafana vulnerability affecting the public dashboard query endpoint. The issue arises because the endpoint does not limit the request body size before processing, allowing unauthenticated attackers to trigger memory exhaustion by sending arbitrarily large JSON payloads. The re...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 4:31 p.m.4 views

CVE-2026-42127 Pre-authentication denial of service in the public dashboard query endpoint

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/04 12:42 p.m.15 views

CVE-2026-47306

A flaw was found in rlottie, an open-source library for rendering Lottie animations. A local attacker could exploit this vulnerability by tricking a user into processing an oversized serialized data payload. This could lead to uncontrolled recursion, resulting in a denial of service DoS condition...

6.1CVSS5.7AI score0.00103EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.1 DoS (ESA-2026-32)

The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-32 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-13...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.8 views

BIT-ELK-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-33464

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 8:16 p.m.22 views

CVE-2026-33464

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:35 p.m.6 views

CVE-2026-33464

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 7:35 p.m.8 views

CVE-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 7:35 p.m.39 views

CVE-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:35 p.m.13 views

EUVD-2026-33010

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Elastic
Elastic
added 2026/05/28 7:24 p.m.16 views

Kibana 8.19.16, 9.3.5, 9.4.1 Security Update (ESA-2026-32)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to...

6.5CVSS5.7AI score0.00245EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44491

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service via Excessive Allocation. An authenticated user with a low-privileged role can submit a specially crafted, oversized...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:44 p.m.17 views

CVE-2021-47944

The CVE-2021-47944 entry concerns memono Notepad 4.2, where a denial-of-service condition can be triggered by pasting excessively long character buffers into note fields. A payload of ~350,000 repeated characters pasted twice into a new note can crash the iOS version. The vulnerability is documen...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 8:16 p.m.7 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.8CVSS0.00172EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 7:28 p.m.9 views

EUVD-2026-27461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.3CVSS6.5AI score0.00172EPSS
Exploits1References1
Rows per page
Query Builder