489 matches found
PT-2026-35643
Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.81.16 through 1.83.6 Description An unauthenticated pre-auth SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixes caller-supplied values directly into the query text...
PT-2026-34962
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the ksmbd component during the SPNEGO decoding process. When the ksmbd decode negTokenInit function processes the mechToken OCTET STRING element, the ksmbd neg...
CVE-2026-41343
OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...
CVE-2026-41343
OpenClaw is affected prior to version 2026.3.31. The vulnerability arises from a missing shared pre-auth concurrency budget on the public LINE webhook path, allowing remote attackers to flood the webhook endpoint with concurrent requests before signature verification, which can exhaust resources ...
PT-2026-34774
OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...
PT-2026-34270
Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitra...
SUSE CVE-2026-35512
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...
CVE-2026-35512
A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. This heap-based buffer overflow vulnerability, caused by insufficient validation of client-controlled size parameters, allows an out-of-bounds write via crafted Protocol Data Units PDUs. A remote attacker can exploit thi...
Exploit for Improper Access Control in Fortinet Forticlientems
CVE-2026-35616 — FortiClient EMS Pre-Auth Bypass Proof of Con...
Exploit for CVE-2026-39987
CVE-2026-39987 marimo is a reactive Python notebook. Prior to...
CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...
EUVD-2026-23519
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...
EUVD-2026-22855
Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules.This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...
GHSA-CJ8J-37RH-8475 Bouncy Castle Uncontrolled Resource Consumption vulnerability
Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This issue affects BC-JAVA before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...
CVE-2026-27890
Firebird CVE-2026-27890 is a pre-auth DoS flaw. In versions prior to 5.0.4, 4.0.7 and 3.0.14, during authentication the server assumes CNCT_specific_data segments arrive in strictly ascending order. If segments arrive out of order, the Array.grow() method computes a negative size, causing a SIGSE...
DEBIAN-CVE-2026-3505
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.
Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...