8476 matches found
EUVD-2026-25012
mv: symlinks expanded during cross-device move resource exhaustion / data duplication...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-24012
CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...
EUVD-2026-41856
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
EUVD-2026-41631
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...
CVE-2026-9563
A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...
CVE-2026-20216
A flaw was found in ClamAV's InstallShield file format parser. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted InstallShield file for scanning. This improper handling of temporary resources during file scanning could lead to the termination o...
react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests
A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...
Allocation of Resources Without Limits or Throttling
Overview github.com/elastic/fleet-server/v7/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitti...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...
CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-56148
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...